[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?

--On Monday, September 14, 2015 8:38 AM +0000 geert@hendrickx.be wrote:

> Full_Name: Geert Hendrickx
> Version: 2.4.42
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Currently the ManageDsaIt control allows bypassing attribute uniqueness
> constraints as implemented by slapo-unique(5).  This seems inappropriate
> as the ManageDsaIt control (RFC 3296) is intended for managing referral
> objects.  Also it is set by default by certain clients (specifically Java
> JNDI) which makes uniqueness constraints practically useless with such
> clients.
> The newer Relax Rules control (draft-zeilenga-ldap-relax) seems much more
> appropriate for this use case, please consider using it instead.  The
> simple pchch below works for me, but I haven't tested its interaction with
> replication.

Hi Geert,

Per discussion with Howard & Halvard,

The rationale was that manageDSAit means let me operate on the raw data and 
disable all side-effects.  This is still correct and should remain. 
However, an option could be added to the module to disable this control 
specifically for this overlay.



Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
Zimbra ::  the leader in open source messaging and collaboration