From 34b34f6b63f333bd78dcf95502cc130993f9e487 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Mon, 23 Feb 2009 00:04:48 +0000
Subject: [PATCH] do not allow naming attribute repetitions in RDNs (ITS#5968)

---
 servers/slapd/dn.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index c3669d6406..638187411a 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -250,21 +250,8 @@ AVA_Sort( LDAPRDN rdn, int nAVAs )
 			ava_j = rdn[ j ];
 			a = strcmp( ava_i->la_attr.bv_val, ava_j->la_attr.bv_val );
 
-			if ( a == 0 ) {
-				int		d;
-
-				d = ava_i->la_value.bv_len - ava_j->la_value.bv_len;
-
-				a = memcmp( ava_i->la_value.bv_val, 
-						ava_j->la_value.bv_val,
-						d <= 0 ? ava_i->la_value.bv_len 
-							: ava_j->la_value.bv_len );
-
-				if ( a == 0 ) {
-					a = d;
-				}
-			}
-			/* Duplicates are not allowed */
+			/* RFC4512 does not allow multiple AVAs
+			 * with the same attribute type in RDN (ITS#5968) */
 			if ( a == 0 )
 				return LDAP_INVALID_DN_SYNTAX;
 
-- 
2.39.5