[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8164) RFC slapo-unique: set matchedDN

On 05/06/2015 17:41, michael@stroeder.com wrote:
> Full_Name: Michael Str.der
> Version: HEAD
> OS:
> URL:
> Submission from: (NULL) (
> It would be handy if slapo-unique could set matchedDN along with result code
> constraintViolation(19) to a DN of an existing entry causing the constraint to
> fail.
I think this would violate the purpose and specification of matchedDN.  
It would be more appropriate to have that piece of info returned within 
the control value of a specifically designed response control, when the 
control is explicitly requested.  What you're asking for could perhaps 
be logged, if it isn't yet.  My 2c.

Ciao, p.
> To avoid information disclosure ACL checking could be performed to determine
> whether the bound identity has at least search privilege on the entry pseudo
> attr and unique attr.

Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano