On 07/28/2009 11:58 AM, Howard Chu wrote:
The aci attribute is currently defined with a syntax of IA5 String.
This syntax only allows 7-bit characters. Now that the server has
support for syntax validation, this would prevent one from using
international characters in aci rules. This patch defines the aci
attribute with the Directory String syntax, which allows any valid
UTF8 character.
Y'know, LDAP/X.500 requires that existing schema items must never be
changed once they're in use. When you want to change something like
this, usually you must define a new attributeType with a new OID for
the purpose. Probably not so important given the history of schema
checking in this code, but an fyi...
Thanks for the heads up. In this case, there are likely people with aci
values out in the wild that are not 7-bit clean, despite the fact that
the attribute is defined as an IA5 String. These aci values have worked
just fine since we only recently added syntax validation when adding
attribute values. Not changing the syntax of the aci attribute to
Directory String would break existing deployments that have been
depending on this functionality, hence the decision to modify the
existing definition.
--
389-devel mailing list
389-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
