Re: back-bdb flaw

Howard Chu writes:

There appears to be a long-standing problem with back-bdb and entries with more than BDB_IDL_DB_MAX immediate children. If the entryIDs of the children are non-contiguous, then attempts to delete the subtree of the entry will fail, because the IDL range for the OneLevel index in the dn2id DB will never zero out.

I'm not aware of a recursive delete LDAP control - do you mean "attempts to delete the entry after having deleted the subtree"? If so:

Is the problem only to (make it feasible to) detect this situation, or also to act on it? To detect it, I assume Delete before returning notAllowedOnNonLeaf could search with scope onelevel/children, and see if it finds any entires.