[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6108) unique overlay and rootdn

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6108) unique overlay and rootdn
From: hyc@symas.com
Date: Wed, 27 May 2009 11:01:55 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

mfn@fs-etit.de wrote:
> Full_Name: Christopher Dyck
> Version: 2.4.11
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (130.83.183.3)
>
>
> I found a strange behavior in the unique overlay.
>
> unique overlay only works, when a rootdn is specified in the slapd.conf, because
> the unique_search function uses the rootdn for searching. (took me hours to
> determine why my configuration didn't do it's job)
>
> Isn't it more reasonable to use the dn with which the add or modify is
> performed?

Definitely not. The user performing the write may not have sufficient access 
to see all of the instances of the attribute in question.

> Or mention this circumstance at least in the manpage?!

Probably.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: ITS#6141 published: SECURITY: Dynamic configuration perfomance issue
Next by Date: Re: (ITS#6103) canceled operations do not respond
Index(es):
- Chronological
- Thread