Re: OpenLDAP structural object class problems

[masarati@aero.polimi.it]

> masarati@aero.polimi.it wrote:

>> OpenLDAP allows you to do something equivalent atomically using the
>> "relax" control (<draft-zeilenga-ldap-relax>, a work in progress) on top
>> of a modify operation that modifies the entry by deleting the now
>> inappropriate attrs and adding the now appropriate ones within a single
>> modification that leaves the object in a consistent state.  The user
>> needs
>> to have "manage" access privileges on all the data that's modified.
>
> web2ldap 1.1.x now has even better support for that.

How can it be better than using the "relax" control?  If you do a
delete/add, you still need the "relax" control to enforce the original
entryUUID.  Can you elaborate on that?

>
>> As it is a work in progress, its functionality may change a little bit
>> across versions.  For example, in earlier versions, the modify operation
>> had to explicitly deal with changing the (operational) attribute
>> structuralObjectClass.  Recent versions do not allow this, but rather
>> recompute it according to the final values of the objectClass attribute,
>> provided they result in a consistent inheritance relationship.
>
> Hmm, so the input field for structuralObjectClass should not be enabled
> which
> is another special case for the UI if this control is in effect...

Yes.  This took place with ITS#5792, released with 2.4.14.

>
> You can play with the demo:
> http://demo.web2ldap.de:1760/web2ldap/ldapparams?ldap:///dc=uninett,dc=no

I will, thanks.  p.