Date: Wed, 31 Aug 2011 20:44:11 +0000 (UTC)
From: "Howard Chu (JIRA)"
To: dev@directory.apache.org
Subject: [jira] [Commented] (DIRSERVER-1651) rfc 4533 implementation differences between openldap and apacheDS

    [ https://issues.apache.org/jira/browse/DIRSERVER-1651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13094881#comment-13094881 ]

Howard Chu commented on DIRSERVER-1651:
---------------------------------------

There is nothing to be gained from maliciously spoofing the cookie, since the operation is part of a regular Search request. I.e., the client can only ever retrieve any information that server authorizations would already allow the client to see.

Indeed, slapd's -c option allows a sysadmin to set any cookie value at all; this is intended to be used to force a consumer to re-pull data from an older point in time, in case more recent data was lost/corrupted/whatever.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

> rfc 4533 implementation differences between openldap and apacheDS
> -----------------------------------------------------------------
>
>                 Key: DIRSERVER-1651
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1651
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: 2.0.0-M2
>            Reporter: Hajo Kliemeck
>              Labels: 4533, openldap, syncrepl
>
> There is an incompatibility between the RFC 4533 implementation of apacheDS and openldap.
> openldap uses the cookie structure "rid=" (initial) or "rid=,csn=" (update) while apacheDS is using NULL for the initial state and the structure ";" for the update state. In the RFC it is said:
> {quote}
> The absence of a cookie or an initialized synchronization state in a cookie indicates a request for initial content.....
> {quote}
> first is apacheDS like, second is openldap like
> It should be possible to adapt the structure or the behavior.