[email protected] wrote: > The other reading is "using relax might let you do more, but you still > need the right permissions", which is closer to how manageDSAIt works > and it seems that's what OpenLDAP (but not slapo-constraint) does. The > hassle is that you need to check permissions if you want to follow that > and that's hard to do correctly if you're an overlay.
AFAIK using Relax Rules control makes slapd finish a write operation in case a constraintViolation would be returned without this control provided the bound identity has manage privilege (and of course does not hit insufficientAccess before because of missing write privilege). IMO slapo-unique should do the very same. If the behaviour is unclear I'd hack a test configuration. Ciao, Michael.
