andrew.findlay@skills-1st.co.uk wrote:

On Thu, Jun 09, 2011 at 01:45:17AM -0700, Howard Chu wrote:

...

I note that in ppolicy.c we have:

{   "( 1.3.6.1.4.1.42.2.27.8.1.17 "
    "NAME ( 'pwdAccountLockedTime' ) "
    "DESC 'The time an user account was locked' "
    "EQUALITY generalizedTimeMatch "
    "ORDERING generalizedTimeOrderingMatch "
    "SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
    "SINGLE-VALUE "

#if 0 /* Not until Relax control is released */ "NO-USER-MODIFICATION " #endif "USAGE directoryOperation )",

We have in fact released support for the Relax control, so it's probably time to unifdef these bits and go back to the documented behavior.

What does "released support" really mean?

$ grep -i relax openldap-2.4.26/include/ldap.h #define LDAP_CONTROL_RELAX "1.3.6.1.4.1.4203.666.5.12" #define LDAP_CONTROL_MANAGEDIT LDAP_CONTROL_RELAX

"No released software should use an OID under this arc." See http://www.openldap.org/faq/data/cache/200.html

I'd really love to see an officially assigned OID (especially given the fact that web2ldap supports it).

Ciao, Michael.