Geert Hendrickx wrote: > On Tue, Aug 25, 2015 at 15:12:22 +0200, Geert Hendrickx wrote: >> On Tue, Aug 25, 2015 at 13:46:09 +0100, Howard Chu wrote: >>> Geert Hendrickx wrote: >>>> Hi, >>>> >>>> I noticed uniqueness constraints enforced by the slapo-unique overlay can >>>> be bypassed when using the manage DSA IT control (ldapadd -M). >>> >>>> The uniqueness constraint has been violated when using -M, while it was >>>> correctly enforced without -M. >>>> >>>> Feature or bug? >>> >>> RTFM, this is already explicitly documented in the slapo-unique(5) manpage. >> >> Thanks, I overlooked that. I'm not managing the LDAP client here, I'll >> have to talk to the devs why they are using the ManageDsaIt control. > > It's still not clear for me what is the link between the Manage DSA IT > control and uniqueness constraint. From RFC 3296 defining the control: > [..] IIRC Pierangelo used the Manage DSA IT control for that use-case because the Relax Rules control wasn't defined at that time. Yes, I also consider this to be a flaw because JNDI sends along Manage DSA IT control by default. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature