Kurt Zeilenga wrote: > > On Mar 17, 2011, at 11:49 AM, Michael Ströder wrote: >> I'm using slapo-lastbind with 2.4.24 found under contrib/ which writes the >> operational attribute authTimestamp to an entry. Now I have a use-case where >> a >> LDAP client (connector continously pumping data from another non-OpenLDAP >> directory server) should write this attribute to the OpenLDAP server. But >> even >> when using the relax rules control this does not seem to be allowed. >> >> Section 3.6. of draft-zeilenga-ldap-relax-03 says: >> >> The subsections of this section discuss modification of various >> operational attributes where their NO-USER-MODIFICATION constraint may >> be relaxed. Future documents may specify where NO-USER-MODIFICATION >> constraints on other operational attribute may be relaxed. In absence >> of a document detailing that the NO-USER-MODIFICATION constraint on a >> particular operational attribute may be relaxed, implementors SHOULD >> assume relaxation of the constraint is not appropriate for that >> attribute. >> >> Hmm, since there's no formal spec for authTimestamp I'm lost here? > > The SHOULD here simply means "think before relax".
So after thinking I'd vote for allowing authTimestamp to be set by a client when relax rules control is in effect => ITS#6873 Ciaio, Michael.
