[Date Prev][Date Next]
Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8245) slapo-unique constraints bypassed by manageDsaIt, change to relax?
- From: firstname.lastname@example.org
- Date: Thu, 30 Mar 2017 12:34:13 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
On Tue, Sep 22, 2015 at 08:45:12PM +0000, email@example.com wrote:
> On Tue, Sep 22, 2015 at 09:01:59AM +0000, firstname.lastname@example.org wrote:
>> For clarity I do agree that a control should exist to bypass uniqueness
>> (and other) constraints. However I think manageDSAit is not the
>> appropriate control by its definition, and also in practice given the
>> fact it's set per default by popular client libs.
>> Relax Rules seems much more appropriate for this use case, as it's intended
>> to temporarily relax database constraints, for administrative use only.
> Yes, Relax control is better for manual bypass. We just need to make
> sure the original issue that this code was created to address is not
> reintroduced. ITS#6641 was put up to allow replication to bypass this
> overlay and anything that was already loaded to one master should
> happily replicate everywhere else. At that point, manageDSAit was the
> only way I could find to distinguish an operation coming from syncrepl,
> it seems that the constraint overlay has a more reliable check so that
> might be a better idea.
> Patch to that effect is here:
Given that relax control is still allowed for everyone (and no ACL
support for controls exists yet), this patch will buy us little. I have
updated the test suite accordingly so that this can be merged when
OpenLDAP is ready:
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP