[Date Prev][Date Next]
Re: authTimestamp and relax rules control
On Mar 17, 2011, at 11:49 AM, Michael Ströder wrote:
> I'm using slapo-lastbind with 2.4.24 found under contrib/ which writes the
> operational attribute authTimestamp to an entry. Now I have a use-case where a
> LDAP client (connector continously pumping data from another non-OpenLDAP
> directory server) should write this attribute to the OpenLDAP server. But even
> when using the relax rules control this does not seem to be allowed.
> Section 3.6. of draft-zeilenga-ldap-relax-03 says:
> The subsections of this section discuss modification of various
> operational attributes where their NO-USER-MODIFICATION constraint may
> be relaxed. Future documents may specify where NO-USER-MODIFICATION
> constraints on other operational attribute may be relaxed. In absence
> of a document detailing that the NO-USER-MODIFICATION constraint on a
> particular operational attribute may be relaxed, implementors SHOULD
> assume relaxation of the constraint is not appropriate for that
> Hmm, since there's no formal spec for authTimestamp I'm lost here?
The SHOULD here simply means "think before relax".