[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authTimestamp and relax rules control

To: Michael Ströder <michael@stroeder.com>
Subject: Re: authTimestamp and relax rules control
From: Kurt Zeilenga <Kurt@OpenLDAP.org>
Date: Fri, 18 Mar 2011 12:59:42 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <4D8257D5.1030602@stroeder.com>
References: <4D8257D5.1030602@stroeder.com>

On Mar 17, 2011, at 11:49 AM, Michael Ströder wrote:

> HI!
> 
> I'm using slapo-lastbind with 2.4.24 found under contrib/ which writes the
> operational attribute authTimestamp to an entry. Now I have a use-case where a
> LDAP client (connector continously pumping data from another non-OpenLDAP
> directory server) should write this attribute to the OpenLDAP server. But even
> when using the relax rules control this does not seem to be allowed.
> 
> Section 3.6. of draft-zeilenga-ldap-relax-03 says:
> 
>  The subsections of this section discuss modification of various
>  operational attributes where their NO-USER-MODIFICATION constraint may
>  be relaxed.  Future documents may specify where NO-USER-MODIFICATION
>  constraints on other operational attribute may be relaxed.  In absence
>  of a document detailing that the NO-USER-MODIFICATION constraint on a
>  particular operational attribute may be relaxed, implementors SHOULD
>  assume relaxation of the constraint is not appropriate for that
>  attribute.
> 
> Hmm, since there's no formal spec for authTimestamp I'm lost here?

The SHOULD here simply means "think before relax".

-- Kurt

Follow-Ups:
- Re: authTimestamp and relax rules control
  - From: Michael Ströder <michael@stroeder.com>

References:
- authTimestamp and relax rules control
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Release testing
Next by Date: Re: authTimestamp and relax rules control
Index(es):
- Chronological
- Thread