
Re: (ITS#3497) Enhancement: back-sql and non-leaf operations



[moved to devel for broader discussion]

At 07:02 AM 1/20/2005, ando@sys-net.it wrote:
>Full_Name: Pierangelo Masarati
>Version: HEAD
>OS: irrelevant
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (131.175.154.56)
>
>
>Back-sql could be easily modified to support operations on non-leaves, like
>subtree deletion e.g. when the LDAP_CONTROL_X_TREE_DELETE is used, and renaming
>of non-leaf entries, thanks to the transaction support of the underlying RDBMS.

What would you do if you run into a referral object?

Is there any implementation of MS's tree delete (in OpenLDAP?
in non-MS server?).  Seems the specification is incomplete...

>Subtree deletion would require to fetch all the children, check whether there's
>any referral among them (which would require manageDSAit for the entire
>operation?) and subsequent deletion.

I don't see this as something requiring manageDSAit (control
or permission).

I do see it requiring permission to delete each object in
the subtree.

>Renaming would be even easier, since only table ldap_entries would require to be
>modified (essentially, all subtree DNs need be renamed, and that's all).  I
>guess manageDSAit would yet be required if there's any referral among the
>children, so all entries should be fetched in any case.
>
>I'm wondering if any special permission should be requested for operations
>of this kind.  Maybe manageDSAit, possibly with the extra 'm' (manage)
>access to the baseObject of the operation (see followups on -devel of
>ITS#3472).

For rename, same permission as if the entry to be moved had no
children.  (See back-hdb)

For delete tree, see above.
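
The delete-tree requirement discussed above (delete permission on every object in the subtree, done inside one RDBMS transaction) can be sketched as follows. This is an added example, not part of the original message and not OpenLDAP code. The trimmed `ldap_entries` layout, the `is_referral` column, the `may_delete` callback and the choice to refuse when a referral is found are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows: (id, dn, parent, is_referral). A simplified stand-in
# for back-sql's ldap_entries; the is_referral column is hypothetical.
ROWS = [
    (1, "dc=example,dc=com", 0, 0),
    (2, "ou=people,dc=example,dc=com", 1, 0),
    (3, "cn=a,ou=people,dc=example,dc=com", 2, 0),
    (4, "cn=b,ou=people,dc=example,dc=com", 2, 0),
    (5, "ou=remote,dc=example,dc=com", 1, 0),
    (6, "cn=ref,ou=remote,dc=example,dc=com", 5, 1),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ldap_entries (id INTEGER PRIMARY KEY,"
               " dn TEXT UNIQUE, parent INTEGER, is_referral INTEGER)")
    db.executemany("INSERT INTO ldap_entries VALUES (?,?,?,?)", ROWS)
    db.commit()
    return db

# Base entry plus all descendants, deepest first.
SUBTREE = """
WITH RECURSIVE sub(id, dn, is_referral, depth) AS (
  SELECT id, dn, is_referral, 0 FROM ldap_entries WHERE dn = ?
  UNION ALL
  SELECT e.id, e.dn, e.is_referral, s.depth + 1
  FROM ldap_entries e JOIN sub s ON e.parent = s.id)
SELECT id, dn, is_referral FROM sub ORDER BY depth DESC
"""

def tree_delete(db, base_dn, may_delete):
    """Delete base_dn and every descendant, or nothing. Returns (ok, reason)."""
    with db:  # single transaction: commit on success, rollback on exception
        entries = db.execute(SUBTREE, (base_dn,)).fetchall()
        if not entries:
            return False, "noSuchObject"
        for _id, dn, is_ref in entries:
            if is_ref:  # assumed policy: refuse rather than delete a referral
                return False, "referral in subtree: " + dn
            if not may_delete(dn):  # per-entry delete permission (hypothetical hook)
                return False, "insufficientAccessRights: " + dn
        # Every check passed before the first row is touched.
        db.executemany("DELETE FROM ldap_entries WHERE id = ?",
                       [(e[0],) for e in entries])
    return True, "deleted %d" % len(entries)
```

All checks run before the first DELETE, so a denial on one child leaves the whole subtree intact.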