--On Monday, September 14, 2015 8:38 AM +0000 geert@hendrickx.be wrote:
Full_Name: Geert Hendrickx Version: 2.4.42 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (212.123.14.2)
Currently the ManageDsaIt control allows bypassing attribute uniqueness constraints as implemented by slapo-unique(5). This seems inappropriate as the ManageDsaIt control (RFC 3296) is intended for managing referral objects. Also it is set by default by certain clients (specifically Java JNDI) which makes uniqueness constraints practically useless with such clients.
The newer Relax Rules control (draft-zeilenga-ldap-relax) seems much more appropriate for this use case, please consider using it instead. The simple pchch below works for me, but I haven't tested its interaction with replication.
Hi Geert,
Per discussion with Howard & Halvard,
The rationale was that manageDSAit means let me operate on the raw data and disable all side-effects. This is still correct and should remain. However, an option could be added to the module to disable this control specifically for this overlay.
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
-
quanah@zimbra.com