On Wed, Sep 02, 2015 at 14:15:18 +0200, Geert Hendrickx wrote:
On Wed, Sep 02, 2015 at 13:08:16 +0200, Michael Ströder wrote:
Geert Hendrickx wrote:
It's still not clear for me what is the link between the Manage DSA IT control and uniqueness constraint. From RFC 3296 defining the control: [..]
IIRC Pierangelo used the Manage DSA IT control for that use-case because the Relax Rules control wasn't defined at that time. Yes, I also consider this to be a flaw because JNDI sends along Manage DSA IT control by default.
Hi,
I'm not familiar with the inner details, but could it be that there has been confusion between "Manage DSA IT" control (RFC 3296) and "ManageDIT" control which has been obsoleted/replaced by the Relax Rules control?
This documentation ITS seems to confirm the (deliberate?) confusion between the ManageDsaIt and ManageDIT/Relax controls as well:
http://www.openldap.org/its/index.cgi/Documentation?id=7795
I vaguely remember that before the birth of draft-zeilenga-ldap-relax some (overlays?) misused the Manage DSA IT control for that purpose.
"manageDIT" was renamed to "relax" because it was too similar to "manageDSAit". Besides, although its use is intrinsically related to performing administrative operations, it is specifically meant to work around rules that make sense from a data model point of view but may need to be circumvented *during* "special" operations.
To implement a bypass of uniquness constraints, the relax control seems much more appropriate than ManageDsaIt.
The attached patch works for me. Should I file an ITS for slapo-unique?
Geert