masarati@aero.polimi.it wrote:
OpenLDAP allows you to do something equivalent atomically using the "relax" control (<draft-zeilenga-ldap-relax>, a work in progress) on top of a modify operation that modifies the entry by deleting the now inappropriate attrs and adding the now appropriate ones within a single modification that leaves the object in a consistent state. The user needs to have "manage" access privileges on all the data that's modified.
web2ldap 1.1.x now has even better support for that.
How can it be better than using the "relax" control? If you do a delete/add, you still need the "relax" control to enforce the original entryUUID. Can you elaborate on that?
As it is a work in progress, its functionality may change a little bit across versions. For example, in earlier versions, the modify operation had to explicitly deal with changing the (operational) attribute structuralObjectClass. Recent versions do not allow this, but rather recompute it according to the final values of the objectClass attribute, provided they result in a consistent inheritance relationship.
Hmm, so the input field for structuralObjectClass should not be enabled which is another special case for the UI if this control is in effect...
Yes. This took place with ITS#5792, released with 2.4.14.
You can play with the demo: http://demo.web2ldap.de:1760/web2ldap/ldapparams?ldap:///dc=uninett,dc=no
I will, thanks. p.