[Date Prev][Date Next]
Re: (ITS#5705) [enhancement] slapo-constraint could honor "relax" by not checking for constraints
> email@example.com wrote:
>> What's the use-case for this? I'm concerned about overloading the
>> semantics of Relax Rules control far beyond what's written in
> Well, a user with "manage" privileges on related data could bypass
> constraints enforced by slapo-constraint(5) by using the "relax"
This is a technical description.
> The rationale is that a user with manage privileges could be
> able to repair an entry that needs to violate a constraint for good
Currently I can't imagine a use-case for this particular violation of
constraints. Do you have one? Just an example?
> I decided to overload "relax" rather than defining a specific control
> because I believe this fits into the spirit of "relax".
I'm not sure. See, I try to support Relax Rules control in web2ldap. If
the control is in effect the behaviour of the UI has to be heavily
changed. I even considered proposing a that the Relax Rules control
should have different values for specifying what particular constraint
shall be relaxed.
> In fact, the
> resulting entry would violate a constraint, but would not violate the
Yes. I'm more concerned about complexity in a UI frontend.