Radovan Semancik wrote: > Yes, I can always read the entry first, compute changes and then modify it. But > why do I need to do that? It takes two round trips and, client overhead and it > does not guarantee a sucess anyway. Server can do that easily and reliably. Now, > if my directory server is somewhere in the cloud tens of milliseconds away and I > have millions of users to provision then each extra round-trip is a waste. Maybe we have a different understanding of the semantics of the permissive modify control: IMO using permissive modify control does not help getting rid of this extra round-trip because you have to read the target entry first anyway to determine whether you have to remove attributes or distinct attribute values. Getting rid of the round-trip would require using something like the contrib addpartial overlay where the client application always sends add requests with the whole entry even for existing entries. > So, let's get back to the original question: does OpenLDAP support the control? > Do I need to configure something to enable it? That's all I need. As said in my *first* answer it's listed in the rootDSE of my installation. And it seems to work: test-permissive-control.ldif: ------------------------------------------------------ dn: uid=foobar42,ou=Testing,dc=stroeder,dc=de changetype: modify add: o o: Test - ------------------------------------------------------ $ ldapmodify -f test-permissive-control.ldif modifying entry "uid=foobar42,ou=Testing,dc=stroeder,dc=de" $ ldapmodify -f test-permissive-control.ldif modifying entry "uid=foobar42,ou=Testing,dc=stroeder,dc=de" ldap_modify: Type or value exists (20) additional info: modify/add: o: value #0 already exists $ ldapmodify -e 1.2.840.113556.1.4.1413 -f test-permissive-control.ldif modifying entry "uid=foobar42,ou=Testing,dc=stroeder,dc=de" Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature