Michael Ströder wrote:
Kurt D. Zeilenga wrote:
I see
no problem with proxy backends making things work using manageDIT,
manageDSAit, proxyAuthz, and other controls.
What's the difference of manageDIT and manageDSAit controls?
- manageDSAit is a control that alters the behavior of LDAP operations
when addressing special data; it was designed to address referral object
management, but it is left open to use for other operations.
- manageDIT is for DIT maintenance.
I guess with manageDsaIT you refer to control 2.16.840.1.113730.3.4.2
described in RFC3296.
Yes.
Where can I read about manageDIT?
Basically, on this list and in OpenLDAP code. I guess Kurt is (about
to) write a draft on it.
To make it simple:
- manageDSAit disables some special actions relted to special objects,
and turns LDAP operations related to these object into normal LDAP
operations that address the object itself instead of its special
features. An example is access a referral object instead of the
referred entity.
- manageDIT should allow operations (essentially writes) on objects that
alter the object in a manner not allowed by the LDAP data model, but
that end up leaving the object in a state that conforms to the LDAP data
model. An example is change the structuralObjectClass, or the
entryUUID, or the createTimeStamp or so.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497