[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
back-sql and non-leaf operations
- To: openldap-devel@OpenLDAP.org
- Subject: back-sql and non-leaf operations
- From: "Pierangelo Masarati" <ando@sys-net.it>
- Date: Thu, 20 Jan 2005 15:58:26 +0100 (CET)
- Domainkey-signature: a=rsa-sha1; s=mail; d=sys-net.it; c=simple; q=dns; b=N9srFabaH1NGEQUhTlRiC6KFL7TzVnmyQSAXBMcYYy+cTaubudyBdg6xvQenUvZtk Zods0yKsVfZtU8UYaq/DQ==
- Importance: Normal
- User-agent: SquirrelMail/1.4.3a-1
Back-sql could be easily modified to support operations on non-leaves,
like subtree deletion e.g. when the LDAP_CONTROL_X_TREE_DELETE is used,
and renaming of non-leaf entries, thanks to the transaction support of the
underlying RDBMS.
Subtree deletion would require to fetch all the children, check whether
there's any referral among them (which would require manageDSAit for the
entire operation?) and subsequent deletion.
Renaming would be even easier, since only table ldap_entries would require
to be modified (essentially, all subtree DNs need be renamed, and that's
all). I guess manageDSAit would yet be required if there's any referral
among the children, so all entries should be fetched in any case.
I'm wondering if any special permission should be requested for operations
of this kind. Maybe manageDSAit, possibly with the extra 'm' (manage)
access to the baseObject of the operation (see followups on -devel of
ITS#3472).
I'm also submitting this as an ITS to keep track of it.
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497