[Date Prev][Date Next] [Chronological] [Thread] [Top]

authTimestamp and relax rules control


I'm using slapo-lastbind with 2.4.24 found under contrib/ which writes the
operational attribute authTimestamp to an entry. Now I have a use-case where a
LDAP client (connector continously pumping data from another non-OpenLDAP
directory server) should write this attribute to the OpenLDAP server. But even
when using the relax rules control this does not seem to be allowed.

Section 3.6. of draft-zeilenga-ldap-relax-03 says:

  The subsections of this section discuss modification of various
  operational attributes where their NO-USER-MODIFICATION constraint may
  be relaxed.  Future documents may specify where NO-USER-MODIFICATION
  constraints on other operational attribute may be relaxed.  In absence
  of a document detailing that the NO-USER-MODIFICATION constraint on a
  particular operational attribute may be relaxed, implementors SHOULD
  assume relaxation of the constraint is not appropriate for that

Hmm, since there's no formal spec for authTimestamp I'm lost here?

Ciao, Michael.