Radovan Semancik wrote: > Yes, I can always read the entry first, compute changes and then modify it. > But > why do I need to do that? It takes two round trips and, client overhead and it > does not guarantee a sucess anyway. Server can do that easily and reliably. > Now, > if my directory server is somewhere in the cloud tens of milliseconds away > and I > have millions of users to provision then each extra round-trip is a waste.
Maybe we have a different understanding of the semantics of the permissive
modify control:
IMO using permissive modify control does not help getting rid of this extra
round-trip because you have to read the target entry first anyway to determine
whether you have to remove attributes or distinct attribute values.
Getting rid of the round-trip would require using something like the contrib
addpartial overlay where the client application always sends add requests with
the whole entry even for existing entries.
> So, let's get back to the original question: does OpenLDAP support the
> control?
> Do I need to configure something to enable it? That's all I need.
As said in my *first* answer it's listed in the rootDSE of my installation.
And it seems to work:
test-permissive-control.ldif:
------------------------------------------------------
dn: uid=foobar42,ou=Testing,dc=stroeder,dc=de
changetype: modify
add: o
o: Test
-
------------------------------------------------------
$ ldapmodify -f test-permissive-control.ldif
modifying entry "uid=foobar42,ou=Testing,dc=stroeder,dc=de"
$ ldapmodify -f test-permissive-control.ldif
modifying entry "uid=foobar42,ou=Testing,dc=stroeder,dc=de"
ldap_modify: Type or value exists (20)
additional info: modify/add: o: value #0 already exists
$ ldapmodify -e 1.2.840.113556.1.4.1413 -f test-permissive-control.ldif
modifying entry "uid=foobar42,ou=Testing,dc=stroeder,dc=de"
Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
