directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] Commented: (DIREVE-339) Decoder does no give sufficient information about errors so the LDAP server can respond with correct result code.
Date Thu, 02 Feb 2006 23:33:04 GMT
    [ ] 

Emmanuel Lecharny commented on DIREVE-339:

This is a real problem, but we can fix it fast.

What are our options here ? 
1) Just don't take the responsability of detecting bad DN in ASN.1 codec. Then we will send
the created DN to the next layer
2) Assume that we test that the DN syntax is valid, but we must throw an error allowing the
client to be informed of the cause of the error.

I personnaly assumed that the second solution was better, in a sense that I build a LdapDN
(it should be renamed LdapName), which internally contains RDN. So an invalid DN will lead
top incorrect inner structure. That was a choice, of course. The alternative was to store
the String, instead of building a valid DN.

However, in this case, the thrown exception is not good. May be wa can throw a specific exception
for that purpose, but that mean a special handling in the protocol layer. I'm not totally
happy with that solution. An other way to go is to set a flag to tell the MessageHandler that
the DN was incorrect. Or simply forget about the control, and just store the value as it,
without parsing it. We just have to add a method to store this UP name into a ldapDN.

wdyt is best ?

> Decoder does no give sufficient information about errors so the LDAP server can respond
with correct result code.
> -----------------------------------------------------------------------------------------------------------------
>          Key: DIREVE-339
>          URL:
>      Project: Directory Server
>         Type: Bug
>     Reporter: Alex Karasulu
>     Assignee: Alex Karasulu

> Right now a communication exception is thrown by the server when a malformed DN is given
in a PDU.  I tested this with bind for example using a bad BindDN.  When the ASN1 codec fails
the server cannot really tell the difference between a bad protocol PDU which causes a protocolError
(2) resulting in a JNDI CommunicationException from a bad DN which should return a resultCode
of namingViolation (64) which in JNDI comes back to the client as an InvalidNameException.
For more info on resultCodes mapping to JNDI exceptions see: 
> Basically the ASN1 decoder has to throw exceptions with hints regarding the failure to
allow the server to respond appropriately to the client.  This can be done by embedding additional
info such as a result code in an subclass of DecoderException.  Then the LdapProtocolProvider
can access this info. 
> This problem is a direct result of trying to parse a DN for correctness when this is
not the responsibility of the ASN1 codec.  The LDAP BER codec should be giving stuff back
to the server as is and letting the server determine whether or not the dn or other (non-asn1
constrained) constructs are invalid.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message