Protocol: modification items may violate schema

["Jim Sermersheim" <jimse@novell.com>]

All,

An issue has been raised regarding the language in 4.6:

"While individual modifications may violate the directory schema, the
resulting entry after the entire list of modifications is performed MUST
conform to the requirements of the directory schema."

While I believe most server implementors understand this to mean that
while any one modification item may cause an object class violation, the
entire set of modifications must be evaluated an no error returned if
the net effect would not violate schema.

For example, in one test it is expected that given the entry
(singleValAttr is a SINGLE-VALUE attribute):

dn: dc=example
objectclass: x
singleValAttr: val1

the following modify should not error:
dn: dc=example
changetype: modify
add: singleValAttr
singleValAttr: val2
-
delete: singleValAttr
singleValAttr: val1

While it's obvious that the net effect is to have a single value (val2)
in singleValAttr, because the order is backward, a server doesn't like
it.

Other examples might include:
- Deleting a distinguished name value and re-adding the same value
- Adding an attribute value of invalid syntax and then removing it.
- Adding a value that would produce contraintViolation, then removing
it.

Regarding the statement above: I've always read this as a requirement
on the data being presented to the server--that at least the resulting
entry MUST conform. I haven't (until recently) thought about it as a
requirement that the server allow silly things to be present in a list
of modification items.

What do others feel? Is there a need for clarity here? Are these kinds
of tests valid indicators of standards-compliance?

Jim