(ITS#3497) Enhancement: back-sql and non-leaf operations

Full_Name: Pierangelo Masarati
Version: HEAD
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Back-sql could easily be modified to support operations on non-leaves, like
subtree deletion, e.g. when the LDAP_CONTROL_X_TREE_DELETE is used, and renaming
of non-leaf entries, thanks to the transaction support of the underlying RDBMS.

Subtree deletion would require fetching all the children, checking whether there's
any referral among them (which would require manageDSAit for the entire
operation?) and then deleting them.

Renaming would be even easier, since only table ldap_entries would need to be
modified (essentially, all subtree DNs need to be renamed, and that's all).  I
guess manageDSAit would still be required if there's any referral among the
children, so all entries should be fetched in any case.

I'm wondering if any special permission should be requested for operations
of this kind.  Maybe manageDSAit, possibly with the extra 'm' (manage)
access to the baseObject of the operation (see followups on -devel of