Re: rename across trees: manageDIT?

[Pierangelo Masarati <ando@sys-net.it>]

Michael Ströder wrote:

> Kurt D. Zeilenga wrote:
>  
>
> > I see
> > no problem with proxy backends making things work using manageDIT,
> > manageDSAit, proxyAuthz, and other controls.
> >    
>
> What's the difference of manageDIT and manageDSAit controls?
>  
- manageDSAit is a control that alters the behavior of LDAP operations 
when addressing special data; it was designed to address referral object 
management, but it is left open to use for other operations.
- manageDIT is for DIT maintenance.

> I guess with manageDsaIT you refer to control 2.16.840.1.113730.3.4.2
> described in RFC3296.
Yes.

> Where can I read about manageDIT?
>  
Basically, on this list and in OpenLDAP code.  I guess Kurt is (about 
to) write a draft on it.

To make it simple:
- manageDSAit disables some special actions relted to special objects, 
and turns LDAP operations related to these object into normal LDAP 
operations that address the object itself instead of its special 
features.  An example is access a referral object instead of the 
referred entity.
- manageDIT should allow operations (essentially writes) on objects that 
alter the object in a manner not allowed by the LDAP data model, but 
that end up leaving the object in a state that conforms to the LDAP data 
model.  An example is change the structuralObjectClass, or the 
entryUUID, or the createTimeStamp or so.

p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497