[email protected] wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/09/2010 03:50 PM, [email protected] wrote:
>> I have put a preliminary version of patches that modify the unique
>> overlay here
>> ftp://ftp.openldap.org/incoming/ondrej-kuznik-20101109-unique_bypass_v1.tgz
>>
>> They add a new configuration attribute olcUniqueAllowManageBypass (it is
>> prohibitively long for a name, though) that, if set to TRUE, triggers
>> the uniqueness checks not to be performed if the operation has manage
>> privileges on the entry. There are three separate patches,
>> configuration code regarding the new attribute, the checks in
>> unique_{add,modify,modrdn} and manpage modifications.
>>
> After a conversation with Howard, I have modified the patches so that
> the overlay checks for the ManageDsaIt control instead. That control
> should be set for each operation coming from replication. The patches
> are here:
> ftp://ftp.openldap.org/incoming/ondrej-kuznik-20101202-unique_bypass_v2.tgz
>
> Is there anything else that comes to mind?

I'm not sure it merits a config keyword. We already have instances where
administrators are implicitly allowed to bypass rules that restrict normal
users, and replication is obviously a system-level operation, not user level.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
