[Date Prev][Date Next]
Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?
- From: firstname.lastname@example.org
- Date: Mon, 21 Sep 2015 19:28:52 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Monday, September 14, 2015 8:38 AM +0000 email@example.com wrote:
> Full_Name: Geert Hendrickx
> Version: 2.4.42
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (22.214.171.124)
> Currently the ManageDsaIt control allows bypassing attribute uniqueness
> constraints as implemented by slapo-unique(5). This seems inappropriate
> as the ManageDsaIt control (RFC 3296) is intended for managing referral
> objects. Also it is set by default by certain clients (specifically Java
> JNDI) which makes uniqueness constraints practically useless with such
> The newer Relax Rules control (draft-zeilenga-ldap-relax) seems much more
> appropriate for this use case, please consider using it instead. The
> simple pchch below works for me, but I haven't tested its interaction with
Per discussion with Howard & Halvard,
The rationale was that manageDSAit means let me operate on the raw data and
disable all side-effects. This is still correct and should remain.
However, an option could be added to the module to disable this control
specifically for this overlay.
Zimbra :: the leader in open source messaging and collaboration