[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?
From: quanah@zimbra.com
Date: Mon, 21 Sep 2015 19:28:52 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

--On Monday, September 14, 2015 8:38 AM +0000 geert@hendrickx.be wrote:

> Full_Name: Geert Hendrickx
> Version: 2.4.42
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (212.123.14.2)
>
>
> Currently the ManageDsaIt control allows bypassing attribute uniqueness
> constraints as implemented by slapo-unique(5).  This seems inappropriate
> as the ManageDsaIt control (RFC 3296) is intended for managing referral
> objects.  Also it is set by default by certain clients (specifically Java
> JNDI) which makes uniqueness constraints practically useless with such
> clients.
>
> The newer Relax Rules control (draft-zeilenga-ldap-relax) seems much more
> appropriate for this use case, please consider using it instead.  The
> simple pchch below works for me, but I haven't tested its interaction with
> replication.

Hi Geert,

Per discussion with Howard & Halvard,

The rationale was that manageDSAit means let me operate on the raw data and 
disable all side-effects.  This is still correct and should remain. 
However, an option could be added to the module to disable this control 
specifically for this overlay.

--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: (ITS#8250) Allowing transaction to be created in the reset state
Next by Date: Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?
Index(es):
- Chronological
- Thread