Andrew Bartlett wrote:
When I add an invalid member to a group, OpenLDAP returns
LDAP_CONSTRAINT_VIOLATION <adding non-existing object as group member>,
but AD returns error 32, LDAP_NO_SUCH_OBJECT for this situation.
Hmm, this is a result of a modify operation for which an additional
constraint is enforced. So I think the error code returned by OpenLDAP
is correct. Because the entry to be modified really exists it would be
wrong to return LDAP_NO_SUCH_OBJECT.
Would it be reasonable to change this, or could it be made
I'd even recommend not to enable this by configuration.
(it might be nobody ever looks at
this, but I don't like to make that assumption).
I'm nitpicking here because my web2ldap has a special exception handler
for dealing with LDAP_NO_SUCH_OBJECT (automagically look up SRV RR for
dc-style DNs etc).