On Thu, 2007-12-27 at 17:30 +0100, Pierangelo Masarati wrote: > LDAP_CONSTRAINT_VIOLATION was chosen since it correctly expresses what > is the real error: the overlay was configured to be picky on checking > referential integrity, which, to me, is a constraint; LDAP would > otherwise be happy to have broken referential integrity, since that's > the responsibility of the application layer (the overlay in our case). > Returning LDAP_NO_SUCH_OBJECT for an operation (add, modify) whose > object (the request DN) is that of the group, and it exists, would be > rather misleading. Of course, as the slapo-memberof is an aplication > layer, I don't see a strong objection to making this error configurable, > but I strongly recommend to use LDAP_CONSTRAINT_VIOLATION as default. I certainly agree with regard to defaults. I just need to be able to configure it, as trying to pick out this error (I think i would have to parse the textual error return) and remap it for windows clients would be a real pain... I do realise that the mission of OpenLDAP in general, and my hope to use it as a backend to Samba4 will diverge significantly. I would have OpenLDAP handling this area at all, except that hdb is handling the subtree renames, and linked attributes are fundamentally linked to that. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
Attachment:
signature.asc
Description: This is a digitally signed message part