[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8164) RFC slapo-unique: set matchedDN

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8164) RFC slapo-unique: set matchedDN
From: pierangelo.masarati@polimi.it
Date: Fri, 05 Jun 2015 17:03:48 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

On 05/06/2015 17:41, michael@stroeder.com wrote:
> Full_Name: Michael Str.der
> Version: HEAD
> OS:
> URL:
> Submission from: (NULL) (212.227.35.94)
>
>
> It would be handy if slapo-unique could set matchedDN along with result code
> constraintViolation(19) to a DN of an existing entry causing the constraint to
> fail.
I think this would violate the purpose and specification of matchedDN.  
It would be more appropriate to have that piece of info returned within 
the control value of a specifically designed response control, when the 
control is explicitly requested.  What you're asking for could perhaps 
be logged, if it isn't yet.  My 2c.

Ciao, p.
>
> To avoid information disclosure ACL checking could be performed to determine
> whether the bound identity has at least search privilege on the entry pseudo
> attr and unique attr.
>
>
>


-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano

Prev by Date: (ITS#8164) RFC slapo-unique: set matchedDN
Next by Date: (ITS#8165) Add proper versioning to liblmdb
Index(es):
- Chronological
- Thread