On Tue, Sep 22, 2015 at 08:45:12PM +0000, ondra@mistotebe.net wrote:
> On Tue, Sep 22, 2015 at 09:01:59AM +0000, geert@hendrickx.be wrote:
>> For clarity I do agree that a control should exist to bypass uniqueness (and other) constraints. However I think manageDSAit is not the appropriate control by its definition, and also in practice given the fact it's set by default by popular client libs.
>> Relax Rules seems much more appropriate for this use case, as it's intended to temporarily relax database constraints, for administrative use only.
>
> Yes, Relax control is better for manual bypass. We just need to make sure the original issue that this code was created to address is not reintroduced. ITS#6641 was put up to allow replication to bypass this overlay and anything that was already loaded to one master should happily replicate everywhere else. At that point, manageDSAit was the only way I could find to distinguish an operation coming from syncrepl; it seems that the constraint overlay has a more reliable check so that might be a better idea.
> Patch to that effect is here: ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20150922-ITS-8245-unique-relax.patch

Given that relax control is still allowed for everyone (and no ACL support for controls exists yet), this patch will buy us little. I have updated the test suite accordingly so that this can be merged when OpenLDAP is ready: ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170330-ITS-8245-unique-relax.patch