[Pkg-openldap-devel] Bug#864719: Bug#864719: Bug#864719: Bug#864719: slapd: fails to configure when olcSuffix contains a backslash-escaped umlaut

Karsten Heymann karsten.heymann at gmail.com
Wed Jun 14 19:06:20 UTC 2017


Some thoughts about the bug report (sorry for the borked first version
of this mail):

1. There is already code in openldap that maps dn's to paths in the
cn=config backend when it writes the config tree to the file system in
/etc/ldap/slapd.d. Maybe that code or at least its escaping logic can
be reused.
2. Wouldn't it be enough to use the database *number* to uniquely name
the database backup? This would remove the whole problem.
3. In order to use the basedn as a file name that can be safely used
in shell script, what about a whitelist approach that replaces or
encodes any character that is not a (ascii) letter, number, dash or
underscore with something safe/sane? Seems a better way than the
approach where only certain "bad" characters are replaced. Unicode is
huge, and using a whitelist of known good characters seems a more
defensive approach, especially when prefixed with the database number.
So "o=|\/|y Über Company" would become something like
"db2-yberCompany".

Feedback appreciated.
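
The whitelist approach from point 3, sketched as a POSIX shell function. This is an added example, not part of the original mail or the slapd package; the name `safe_backup_name`, its arguments and the 64-character cap are assumptions. It keeps the attribute type, so the mail's sample yields `db2-oyberCompany`.

```shell
#!/bin/sh
# Added example: build a backup name from the database number plus an
# allowlisted form of the suffix. safe_backup_name is a hypothetical helper.

safe_backup_name() {
    dbnum=$1
    suffix=$2

    # The database number is the part that guarantees uniqueness, so it
    # must be strictly numeric; reject anything else.
    case $dbnum in
        ''|*[!0-9]*) return 1 ;;
    esac

    # LC_ALL=C makes tr work on bytes with ASCII ranges, so every byte of a
    # multi-byte UTF-8 character is dropped, along with spaces, slashes,
    # backslashes and shell metacharacters. The trailing '-' is literal.
    cleaned=$(printf '%s' "$suffix" | LC_ALL=C tr -cd 'A-Za-z0-9_-' | cut -c1-64)

    # A suffix made only of disallowed characters leaves nothing behind;
    # the database number alone is still a valid, unique name.
    if [ -z "$cleaned" ]; then
        printf 'db%s\n' "$dbnum"
    else
        printf 'db%s-%s\n' "$dbnum" "$cleaned"
    fi
}

# Constructed sample inputs: the suffix from the mail and a
# backslash-escaped umlaut like the one in the bug title.
safe_backup_name 2 'o=|\/|y Über Company'
safe_backup_name 1 'dc=m\C3\BCller,dc=example'
```

Different suffixes can collapse to the same cleaned string, which is why the numeric prefix is what makes the name unique.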


