[Date Prev][Date Next]
Re: (ITS#8164) RFC slapo-unique: set matchedDN
On 05/06/2015 17:41, firstname.lastname@example.org wrote:
> Full_Name: Michael Str.der
> Version: HEAD
> Submission from: (NULL) (184.108.40.206)
> It would be handy if slapo-unique could set matchedDN along with result code
> constraintViolation(19) to a DN of an existing entry causing the constraint to
I think this would violate the purpose and specification of matchedDN.
It would be more appropriate to have that piece of info returned within
the control value of a specifically designed response control, when the
control is explicitly requested. What you're asking for could perhaps
be logged, if it isn't yet. My 2c.
> To avoid information disclosure ACL checking could be performed to determine
> whether the bound identity has at least search privilege on the entry pseudo
> attr and unique attr.
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano