Re: OpenLDAP memberof plugin and Samba4

On Thu, 2007-12-27 at 17:30 +0100, Pierangelo Masarati wrote:

> LDAP_CONSTRAINT_VIOLATION was chosen since it correctly expresses what
> is the real error: the overlay was configured to be picky on checking
> referential integrity, which, to me, is a constraint; LDAP would
> otherwise be happy to have broken referential integrity, since that's
> the responsibility of the application layer (the overlay in our case).
> Returning LDAP_NO_SUCH_OBJECT for an operation (add, modify) whose
> object (the request DN) is that of the group, and it exists, would be
> rather misleading.  Of course, as the slapo-memberof is an application
> layer, I don't see a strong objection to making this error configurable,
> but I strongly recommend to use LDAP_CONSTRAINT_VIOLATION as default.

I certainly agree with regard to defaults.  I just need to be able to
configure it, as trying to pick out this error (I think I would have to
parse the textual error return) and remap it for Windows clients would
be a real pain...

I do realise that the mission of OpenLDAP in general, and my hope to use
it as a backend to Samba4 will diverge significantly.  I would have
OpenLDAP handling this area at all, except that hdb is handling the
subtree renames, and linked attributes are fundamentally linked to

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

