On Thu, 2007-12-27 at 17:30 +0100, Pierangelo Masarati wrote:
LDAP_CONSTRAINT_VIOLATION was chosen since it correctly expresses what is the real error: the overlay was configured to be picky on checking referential integrity, which, to me, is a constraint; LDAP would otherwise be happy to have broken referential integrity, since that's the responsibility of the application layer (the overlay in our case). Returning LDAP_NO_SUCH_OBJECT for an operation (add, modify) whose object (the request DN) is that of the group, and it exists, would be rather misleading. Of course, as the slapo-memberof is an aplication layer, I don't see a strong objection to making this error configurable, but I strongly recommend to use LDAP_CONSTRAINT_VIOLATION as default.
I certainly agree with regard to defaults. I just need to be able to configure it, as trying to pick out this error (I think i would have to parse the textual error return) and remap it for windows clients would be a real pain...
I do realise that the mission of OpenLDAP in general, and my hope to use it as a backend to Samba4 will diverge significantly. I would have OpenLDAP handling this area at all, except that hdb is handling the subtree renames, and linked attributes are fundamentally linked to that.
Andrew Bartlett