> > In order to support "Old DN format including DN in the double quotes"
> > another cn=config switch may be necessary. It seems there was recently a new
> > switch introduced to make the dn syntax validation a little more "relaxed" -
> > nsslapd-dn-validate-strict. Maybe this one could be used to allow for DNs
> > with double-quoted values?
>
> Actually, the way we are going to handle the old style 'dn:
> <type>="<nested dn>",<the rest>' is converting the old style to a new style
> in the normalization when the server receives DNs from clients and the
> converted new style DN is used in the rest of the process. The
> nsslapd-dn-validate-strict value is examined in the DN syntax validation
> code for now. Unless we change it, the DN syntax validation code always
> receives the new DN style.

Ok. What I wanted to say is that we should avoid any new config parameters in cn=config. The way you propose to handle the problem is the best one - it is completely transparent to the user, the server back-end "sees" only the normalised DNs so it does not complain and no additional configuration parameters are necessary.

> That being said, are you suggesting if nsslapd-dn-validate-strict is on, we
> should not convert an old style DN to a new style? That'd be really
> strict. I'm leaning toward the other side, accepting both the old and new
> style with no restriction. Do you see any disadvantages in allowing the old
> style?

No, absolutely not, I agree completely with your reasoning. The code should be strict but not completely rigid :) Taking care of the "legacy" presentation in a transparent manner is the ideal solution.
--
389-devel mailing list
389-de...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-devel
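The conversion discussed in the thread, rewriting an old-style `<type>="<nested dn>",<the rest>` DN into the new style before validation sees it, sketched as an added example that is not the server's own code. The function name `dn_unquote`, the choice of backslash-hex escapes as the output form, and the sample DN are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Characters escaped inside a converted value: the RFC 4514 specials,
 * plus '=' so the nested DN cannot be mistaken for an RDN boundary. */
static int needs_escape(char c) {
    return c != '\0' && strchr(",+\"\\<>;=", c) != NULL;
}

/* Hypothetical helper: rewrite old-style quoted values (type="value") as
 * backslash-hex escapes. Returns the output length, or -1 on an unterminated
 * quote, a dangling backslash, or an output buffer that is too small. */
int dn_unquote(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    int quoted = 0, first = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        char c = in[i];
        if (o + 4 > outsz) return -1;        /* room for "\XX" plus NUL */
        if (c == '\\') {                      /* existing escape: keep as is */
            if (in[i + 1] == '\0') return -1;
            out[o++] = c;
            out[o++] = in[++i];
            first = 0;
            continue;
        }
        if (c == '"') {                       /* quote opens or closes a value */
            quoted = !quoted;
            first = quoted;
            continue;
        }
        /* Inside quotes: escape specials, a leading space or '#',
         * and a space directly before the closing quote. */
        if (quoted && (needs_escape(c) || (first && (c == ' ' || c == '#')) ||
                       (c == ' ' && in[i + 1] == '"')))
            o += (size_t)snprintf(out + o, outsz - o, "\\%02X",
                                  (unsigned)(unsigned char)c);
        else
            out[o++] = c;
        first = 0;
    }
    if (quoted || o >= outsz) return -1;
    out[o] = '\0';
    return (int)o;
}

int main(void) {
    /* Constructed sample DN in the old quoted style. */
    const char *old_dn = "cn=\"uid=jdoe,ou=People,dc=example,dc=com\",cn=config";
    char buf[128];
    if (dn_unquote(old_dn, buf, sizeof buf) < 0) return 1;
    printf("%s\n", buf);
    return 0;
}
```

A DN already in the new style passes through unchanged, so the validation code only ever receives one form regardless of what the client sent.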