On Thu, Sep 24, 2015 at 04:34:13PM -0700, Quanah Gibson-Mount wrote:
--On Thursday, September 24, 2015 2:08 AM +0200 Alessandro Dentella sandro@e-den.it wrote:
Hi,
I have been struggling with a unique constraint that is being constantly bypassed by a java script.
I set up the ldap server and unique layer and I verified that the uniqueness on a field is correctly enforced using ldapmodify, ldapvi, python and one more widget tool.
There is a java program I have not written (I don't know java) that constantly bypasses the constraint and I can't really understand how it can. It seems to perform the same operation I do: given an existing item, change mail field.
What can it be that is different from one and the other situation? All programs connect with simple authentication + tls.
Thanks for any possible hints
sandro *:-)
PS: I thought to bypass this problem by switching to back-sql + PostgreSQL, so that I opened up to other problems, subject of a separate email...
experimental, and why would you expect that to solve your issue?
Because I know that PostgreSQL would never let a duplicate field on a unique index!
To me, if slapo-index lets a program bypass that constraint, it is at least buggy and experimental too.
The java program was written by people outside my company, and I'm not really in the position to tell them to change their code because I'm not able to make a correct index on a field. I'm not really used to thinking of unicity as a constraint that can be bypassed...
That said, the author of the java code is collaborative and there is room for a change if that is demonstrated to be the correct solution.
Why would you use an unsupported backend that's entirely experimental
It has been in the openldap repository for years so I thought that was at least working. On the internet the documentation is very scarce but there are people that declare it's working for them.
I'd guess that java is using the manageDSAit control to bypass slapo-unique, and your other programs aren't.
Honestly I didn't even know about this possibility. Can I see that from the logs? They're not currently aware of using it unless it is a default. What check can I ask them to perform?
Is there a way to inhibit this kind of access?
Thanks in advance
sandro