On Thu, 2007-12-27 at 17:30 +0100, Pierangelo Masarati wrote:
LDAP_CONSTRAINT_VIOLATION was chosen since it correctly expresses
is the real error: the overlay was configured to be picky on checking
referential integrity, which, to me, is a constraint; LDAP would
otherwise be happy to have broken referential integrity, since that's
the responsibility of the application layer (the overlay in our case).
Returning LDAP_NO_SUCH_OBJECT for an operation (add, modify) whose
object (the request DN) is that of the group, and it exists, would be
rather misleading. Of course, as the slapo-memberof is an aplication
layer, I don't see a strong objection to making this error configurable,
but I strongly recommend to use LDAP_CONSTRAINT_VIOLATION as default.
I certainly agree with regard to defaults. I just need to be able to
configure it, as trying to pick out this error (I think i would have to
parse the textual error return) and remap it for windows clients would
be a real pain...
I do realise that the mission of OpenLDAP in general, and my hope to use
it as a backend to Samba4 will diverge significantly. I would have
OpenLDAP handling this area at all, except that hdb is handling the
subtree renames, and linked attributes are fundamentally linked to
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com