[389-devel] Re: Please Review: Change aci attribute syntax to Directory String (Nathan Kinder)

Nathan Kinder nkinder at redhat.com
Tue Jul 28 19:57:42 UTC 2009


On 07/28/2009 11:58 AM, Howard Chu wrote:
>> The aci attribute is currently defined with a syntax of IA5 String.
>> This syntax only allows 7-bit characters.  Now that the server has
>> support for syntax validation, this would prevent one from using
>> international characters in aci rules.  This patch defines the aci
>> attribute with the Directory String syntax, which allows any valid
>> UTF8 character.
>
> Y'know, LDAP/X.500 requires that existing schema items must never be 
> changed once they're in use. When you want to change something like 
> this, usually you must define a new attributeType with a new OID for 
> the purpose. Probably not so important given the history of schema 
> checking in this code, but an fyi...
>
Thanks for the heads up.  In this case, there are likely people with aci 
values out in the wild that are not 7-bit clean, despite the fact that 
the attribute is defined as an IA5 String.  These aci values have worked 
just fine since we only recently added syntax validation when adding 
attribute values.  Not changing the syntax of the aci attribute to 
Directory String would break existing deployments that have been 
depending on this functionality, hence the decision to modify the 
existing definition.
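
The situation described in this message, as an added example that is not part of the original post or of the 389 Directory Server code: a small Python audit of an LDIF export that reports which aci values are 7-bit clean, which are acceptable only as UTF-8, and which are neither. The function names and sample LDIF are constructed for illustration, and the check covers only byte range and UTF-8 well-formedness, not the server's full syntax validation.

```python
import base64

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def classify(value):
    """Classify raw value bytes: 7-bit check and UTF-8 well-formedness only."""
    if all(b < 0x80 for b in value):
        return "ia5"          # 7-bit clean, accepted under either syntax
    try:
        value.decode("utf-8")
        return "utf8-only"    # fine as Directory String, rejected as IA5 String
    except UnicodeDecodeError:
        return "invalid"      # 8-bit data that is not UTF-8, rejected by both

def audit_aci(ldif_text):
    """Return (dn, classification) for every aci value in the LDIF text."""
    results, dn = [], None
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if rest.startswith(":"):                     # "attr:: " marks base64
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.lstrip(" ").encode("utf-8")
        if attr.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        elif attr.lower() == "aci":
            results.append((dn, classify(value)))
    return results

# Constructed sample data: one ASCII aci, one UTF-8 aci, one Latin-1 aci.
_ACI = '(targetattr="cn")(version 3.0; acl "Gäste dürfen lesen"; allow (read) userdn="ldap:///anyone";)'
SAMPLE = "\n".join([
    "dn: ou=people,dc=example,dc=com",
    'aci: (targetattr="cn")(version 3.0; acl "read cn"; allow (read)',
    '  userdn="ldap:///anyone";)',
    "",
    "dn: ou=gaeste,dc=example,dc=com",
    "aci:: " + base64.b64encode(_ACI.encode("utf-8")).decode(),
    "aci:: " + base64.b64encode(_ACI.encode("latin-1")).decode(),
])
```

Values reported as `utf8-only` are the ones that worked before syntax validation and would be rejected under an IA5 String definition; `invalid` values would need re-encoding under either syntax.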



