>>> Soft Del: The attribute shall contain none of these values, but might >>> have >>> others > >> I'm not sure I understand how SOFTDEL differs from LDAP_MOD_DELETE. Do >> you mean that values listed in SOFTDEL will be deleted if they exist, or >> otherwise ignored? > > Yes; LDAP_MOD_DELETE requires that the listed values exist. The > delete-all-values case is separate. If we had > > cn: a > cn: b > > and ran > > changetype: modify > softdel: cn > cn: b > cb: c > > Then the result would be success and cn=a remaining. Yes, this is useful!
Protocol-wise, this is what permissive modify control is intended for. I concur that having this as an internal modification (much like SLAP_MOD_SOFTADD) would allow finer grain control to internal operations, without (ab)using the permissive control. The same, in terms of granularity, applies protocol-wise. p.
