hyc@symas.com wrote:
When slapd is configured to host a database with empty suffix (""), an entry with empty DN can be slapadd'ed, but not ldapadd'ed. I believe the latter behavior is appropriate, while the former should be denied.
No, you need to be able to slapadd the context entry, in particular to restore a contextCSN.
OK, but then no corresponding add operation can be performed, as far as I understand. I think we should provide a means to allow this operation, e.g. with a specific control.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
-
ando@sys-net.it