Re: [ldapext] Fwd: I-D ACTION:draft-zeilenga-ldap-managedit-00.txt

[Michael Ströder <michael@stroeder.com>]

John McMeeking wrote:
> 
> I would like to see a name for the control that is not so close to the
> existing ManageDsaIT control.

+1

> I've always been a little uneasy about making it too easy to use for
> fear that an administrator would start using such a control for one
> purpose and either use it where it shouldn't have been used

There are many possibilities for an administrator to do bad things.

> -- like
> inadvertantly updating an entry on a read-only replica because he
> misdiagnosed a problem, or using it to fix one problem and because of
> the controls presence also be allowed to do something else unintended.
>  Or worse yet, just start using the control out of bad habit.

There's no technical solution against dumb people.

> I'm trying to think of something that makes the control perhaps a
> little less dangerous without making it impossible to use. In some
> respects, maybe what I really want is an interactive "are you sure
> you want to do this" capability;

This is subject of client application programming but does not work for
non-interactive clients.

Ciao, Michael.

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext