
Re: (ITS#6641) Syncrepl failure with 'overlay unique'



ondrej.kuznik@acision.com wrote:
>
> On 11/09/2010 03:50 PM, ondrej.kuznik@acision.com wrote:
>> I have put a preliminary version of patches that modify the unique
>> overlay here
>> ftp://ftp.openldap.org/incoming/ondrej-kuznik-20101109-unique_bypass_v1.tgz
>>
>> They add a new configuration attribute olcUniqueAllowManageBypass (it is
>> prohibitively long for a name, though) that, if set to TRUE, triggers
>> the uniqueness checks not to be performed if the operation has manage
>> privileges on the entry. There are three separate patches,
>> configuration code regarding the new attribute, the checks in
>> unique_{add,modify,modrdn} and manpage modifications.
>>
> After a conversation with Howard, I have modified the patches so that
> the overlay check for the ManageDsaIt control instead. That control
> should be set for each operation coming from replication. The patches
> are here:
> ftp://ftp.openldap.org/incoming/ondrej-kuznik-20101202-unique_bypass_v2.tgz
>
> Is there anything else that comes to mind?

I'm not sure it merits a config keyword. We already have instances where 
administrators are implicitly allowed to bypass rules that restrict normal 
users, and replication is obviously a system-level operation, not user level.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
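As an added illustration (not OpenLDAP's unique.c, nor code from either poster), the following Python model shows the behaviour the v2 patches describe: a uniqueness check over a base that rejects a write when a watched attribute value already exists on another entry, and that is skipped when the operation carries the ManageDsaIt control, as replicated operations do. The directory contents, DNs and attribute names are constructed sample data.

```python
# Constructed model of the unique overlay check and the ManageDsaIt bypass
# discussed in ITS#6641. Not OpenLDAP code; illustration only.
from dataclasses import dataclass, field

MANAGE_DSA_IT = "2.16.840.1.113730.3.4.2"  # ManageDsaIT control OID (RFC 3296)


@dataclass
class Operation:
    """One write as the overlay sees it: target DN, resulting attribute values,
    and the request controls attached to the operation."""
    dn: str
    changes: dict                      # attr -> values present after the op
    controls: set = field(default_factory=set)


class UniqueOverlay:
    """Reject an op if any value of a watched attribute already exists on a
    different entry. Ops carrying ManageDsaIt (e.g. syncrepl) bypass the check."""

    def __init__(self, directory, attrs):
        self.directory = directory     # dn -> {attr: set(values)}
        self.attrs = set(attrs)

    def check(self, op):
        if MANAGE_DSA_IT in op.controls:
            return "bypassed"          # replication: trust the provider's check
        for attr in self.attrs & set(op.changes):
            for value in op.changes[attr]:
                for dn, entry in self.directory.items():
                    if dn != op.dn and value in entry.get(attr, set()):
                        return f"constraintViolation: {attr}={value} on {dn}"
        return "ok"

    def apply(self, op):
        result = self.check(op)
        if result.startswith("constraintViolation"):
            return result              # op refused, directory unchanged
        entry = self.directory.setdefault(op.dn, {})
        for attr, values in op.changes.items():
            entry[attr] = set(values)
        return result


def demo():
    """Consumer already holds mail=x on alice; the same value arrives for bob
    once as a plain client write and once as a replicated (ManageDsaIt) write."""
    directory = {"uid=alice,ou=people,dc=example,dc=com": {"mail": {"x@example.com"}}}
    ov = UniqueOverlay(directory, ["mail"])
    bob = "uid=bob,ou=people,dc=example,dc=com"
    client_op = Operation(bob, {"mail": ["x@example.com"]})
    repl_op = Operation(bob, {"mail": ["x@example.com"]}, {MANAGE_DSA_IT})
    return ov.apply(client_op), ov.apply(repl_op)
```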