[Date Prev][Date Next]
Re: uniqueness constraint violated when using ldapadd -M
- To: Howard Chu <firstname.lastname@example.org>
- Subject: Re: uniqueness constraint violated when using ldapadd -M
- From: Geert Hendrickx <email@example.com>
- Date: Tue, 25 Aug 2015 16:07:48 +0200
- Cc: firstname.lastname@example.org
- Content-disposition: inline
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=hendrickx.be; s=geert; t=1440511668; bh=EpXMUt2OiBR9mN1I4GvCJiIWSr5qsthUfDCbRea1Ufw=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=dlapAAsBMSlyvgKY+lo9rVZO4hMmbLws2k4dHRwy4gZTVC9CYtGZ7DKqj4Lnn3G6u YtVeGuJ6dyaYMvLIKG6QOwkaifHr/fxejUoM2sn/byuE4evCcZUSFmiw3s9J3pWDRe 1GZqc6LB8qr6dknTXVOD6ebnLTU+iHoIJiDNHqNx6UYIUK978N5GwJcJaI/C4Qx2v2 u3W7HyAvpffn4YISkx0ue4+PlX9PvFy3OOWrcueFCYzoCIdRIc2rq90FVJUlQmkq1m +YrqiV98EkRRqDTGCMYSbU6YknqzYo4fOzboYEYqLxwkVUzQB9l6FSiMZSTjtIRLrL YKsgBIl3sWtZw==
- In-reply-to: <20150825131222.GA19054@vera.ghen.be>
- References: <20150824132523.GA13533@vera.ghen.be> <55DC6391.email@example.com> <20150825131222.GA19054@vera.ghen.be>
- User-agent: Mutt/1.5.23+102 (2ca89bed6448) (2014-03-12)
On Tue, Aug 25, 2015 at 15:12:22 +0200, Geert Hendrickx wrote:
> On Tue, Aug 25, 2015 at 13:46:09 +0100, Howard Chu wrote:
> > Geert Hendrickx wrote:
> > >Hi,
> > >
> > >I noticed uniqueness constraints enforced by the slapo-unique overlay can
> > >be bypassed when using the manage DSA IT control (ldapadd -M).
> > >The uniqueness constraint has been violated when using -M, while it was
> > >correctly enforced without -M.
> > >
> > >Feature or bug?
> > RTFM, this is already explicitly documented in the slapo-unique(5) manpage.
> Thanks, I overlooked that. I'm not managing the LDAP client here, I'll
> have to talk to the devs why they are using the ManageDsaIt control.
It's still not clear for me what is the link between the Manage DSA IT
control and uniqueness constraint. From RFC 3296 defining the control:
A control, ManageDsaIT, is defined to allow manipulation of referral
and other special objects as normal objects. As the name of control
implies, it is intended to be analogous to the ManageDsaIT service
option described in X.511(97) [X.511].
In the presence of a ManageDsaIT control, referral objects are
treated as normal entries as described in section 3. Note that the
ref attribute is operational and will only be returned in a search
entry response when requested.
In the absence of a ManageDsaIT control, the content of referral
objects are used to construct referrals and search references as
described in Section 4 and, as such, the referral entries are not
themselves visible to clients.
Why must it bypass the uniqueness constraints on the server?
geert.hendrickx.be :: firstname.lastname@example.org :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!