[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rename across trees: manageDIT?

Michael Ströder wrote:

Kurt D. Zeilenga wrote:

I see
no problem with proxy backends making things work using manageDIT,
manageDSAit, proxyAuthz, and other controls.

What's the difference of manageDIT and manageDSAit controls?

- manageDSAit is a control that alters the behavior of LDAP operations when addressing special data; it was designed to address referral object management, but it is left open to use for other operations.
- manageDIT is for DIT maintenance.

I guess with manageDsaIT you refer to control 2.16.840.1.113730.3.4.2
described in RFC3296.


Where can I read about manageDIT?

Basically, on this list and in OpenLDAP code. I guess Kurt is (about to) write a draft on it.

To make it simple:
- manageDSAit disables some special actions relted to special objects, and turns LDAP operations related to these object into normal LDAP operations that address the object itself instead of its special features. An example is access a referral object instead of the referred entity.
- manageDIT should allow operations (essentially writes) on objects that alter the object in a manner not allowed by the LDAP data model, but that end up leaving the object in a state that conforms to the LDAP data model. An example is change the structuralObjectClass, or the entryUUID, or the createTimeStamp or so.


SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497