[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?
- From: quanah@zimbra.com
- Date: Mon, 21 Sep 2015 19:28:52 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Monday, September 14, 2015 8:38 AM +0000 geert@hendrickx.be wrote:
> Full_Name: Geert Hendrickx
> Version: 2.4.42
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (212.123.14.2)
>
>
> Currently the ManageDsaIt control allows bypassing attribute uniqueness
> constraints as implemented by slapo-unique(5). This seems inappropriate
> as the ManageDsaIt control (RFC 3296) is intended for managing referral
> objects. Also it is set by default by certain clients (specifically Java
> JNDI) which makes uniqueness constraints practically useless with such
> clients.
>
> The newer Relax Rules control (draft-zeilenga-ldap-relax) seems much more
> appropriate for this use case, please consider using it instead. The
> simple pchch below works for me, but I haven't tested its interaction with
> replication.
Hi Geert,
Per discussion with Howard & Halvard,
The rationale was that manageDSAit means let me operate on the raw data and
disable all side-effects. This is still correct and should remain.
However, an option could be added to the module to disable this control
specifically for this overlay.
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration