michael@stroeder.com wrote:

What's the use-case for this? I'm concerned about overloading the semantics of Relax Rules control far beyond what's written in draft-zeilenga-ldap-relax.

Well, a user with "manage" privileges on related data could bypass constraints enforced by slapo-constraint(5) by using the "relax" control. The rationale is that a user with manage privileges could be able to repair an entry that needs to violate a constraint for good reasons. Note that the user:

- must have enough privileges to do it (manage)

- must inform the DSA that intends to violate the constraint (by using the control)

I decided to overload "relax" rather than defining a specific control because I believe this fits into the spirit of "relax". In fact, the resulting entry would violate a constraint, but would not violate the protocol.

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------