Johannes.Kanefendt@krzn.de wrote:
A workaround is to extend the assertion filter to match all other entries except the one to be modified:
(|(cn=*)(!(entryDN=cn=Anna\20Blume,ou=Users,ou=schulung,dc=stroeder,dc=local)))
The whole purpose of using the Assertion Control is that it should match the modified entry. When I construct a filter deliberately not matching the entry I can simply omit the Assertion Control completely.
Maybe I didn't get your idea though.
The use-case: My web2ldap sends Assertion Control along with a modify request with a filter constructed from all attributes considered to be not modified by another user:
(&(entryCSN=20160112183104\2e449732Z\23000000\23000\23000000)(creatorsName=cn=michael\20str\c3\b6der\2bmail=michael@stroeder\2ecom\2cou=private\2cdc=stroeder\2cdc=de)(entryUUID=1c66859e\2d3441\2d1034\2d93db\2d751297a711ee)(modifiersName=cn=michael\20str\c3\b6der\2bmail=michael@stroeder\2ecom\2cou=private\2cdc=stroeder\2cdc=de)(createTimestamp=20150119160811Z)(entryDN=ou=test\2cou=Testing\2cdc=stroeder\2cdc=de)(modifyTimestamp=20160112183104Z))
This is done to really ensure that the entry was *not* changed after being read into the input form the user edits.
Ciao, Michael.
-
michael@stroeder.com