On Tue, Sep 22, 2015 at 08:45:12PM +0000, [email protected] wrote: > On Tue, Sep 22, 2015 at 09:01:59AM +0000, [email protected] wrote: >> For clarity I do agree that a control should exist to bypass uniqueness >> (and other) constraints. However I think manageDSAit is not the >> appropriate control by its definition, and also in practice given the >> fact it's set per default by popular client libs. >> >> Relax Rules seems much more appropriate for this use case, as it's intended >> to temporarily relax database constraints, for administrative use only. > > Yes, Relax control is better for manual bypass. We just need to make > sure the original issue that this code was created to address is not > reintroduced. ITS#6641 was put up to allow replication to bypass this > overlay and anything that was already loaded to one master should > happily replicate everywhere else. At that point, manageDSAit was the > only way I could find to distinguish an operation coming from syncrepl, > it seems that the constraint overlay has a more reliable check so that > might be a better idea. > > Patch to that effect is here: > ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20150922-ITS-8245-unique-relax.patch
Given that relax control is still allowed for everyone (and no ACL support for controls exists yet), this patch will buy us little. I have updated the test suite accordingly so that this can be merged when OpenLDAP is ready: ftp://ftp.openldap.org/incoming/Ondrej-Kuznik-20170330-ITS-8245-unique-relax.patch -- OndÅej KuznÃk Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
