Geert Hendrickx wrote:
On Tue, Aug 25, 2015 at 15:12:22 +0200, Geert Hendrickx wrote:
On Tue, Aug 25, 2015 at 13:46:09 +0100, Howard Chu wrote:
Geert Hendrickx wrote:
Hi,
I noticed uniqueness constraints enforced by the slapo-unique overlay can be bypassed when using the manage DSA IT control (ldapadd -M).
The uniqueness constraint has been violated when using -M, while it was correctly enforced without -M.
Feature or bug?
RTFM, this is already explicitly documented in the slapo-unique(5) manpage.
Thanks, I overlooked that. I'm not managing the LDAP client here, I'll have to talk to the devs why they are using the ManageDsaIt control.
It's still not clear for me what is the link between the Manage DSA IT control and uniqueness constraint. From RFC 3296 defining the control: [..]
IIRC Pierangelo used the Manage DSA IT control for that use-case because the Relax Rules control wasn't defined at that time. Yes, I also consider this to be a flaw because JNDI sends along Manage DSA IT control by default.
Ciao, Michael.