hyc@OpenLDAP.org wrote:
Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays
Modified Files: sssvlv.c 1.10 -> 1.11
One thing we haven't addressed formally is the behavior of back-ldap when handling request controls. In some cases back-ldap is being used as a full proxy and is intended to be transparent, so everything it receives from a client should be sent directly to the remote server. Other times it's acting as part of a larger tree, where some superior in the DIT should be fielding the controls and back-ldap should only be forwarding vanilla requests to the remote. As a third case, it may be a full proxy, but the remote server doesn't support certain features, so slapd should still handle them locally and only send plain requests onward. We need some clear configuration mechanism to express these situations.