Adding requests with the
ignore-no-user-modification control enable a
client to include attributes that are not normally allowed from external sources. For
example, the
userPassword attribute is a user-modifiable attribute. An
add request with the
ignore-no-user-modification control allows a
one-time exception to the password policy, even if the requesting client does not have the
bypass-pw-policy privilege. This exception enables specifying
pre-encoded passwords.
Note: When adding an entry,
the server can ensure that the entry's RDN is unique and does not contain any sensitive
information by replacing the provided entry's RDN with the server-generated entryUUID
value. An LDAP client written with the LDAP SDK for Java can use the
NameWithEntryUUIDRequestControl to explicitly indicate which add
requests should be named in this way, or the
ldapmodify tool with the
--nameWithEntryUUID argument. Also, the
auto-name-with-entry-uuid-connection-criteria and
auto-name-with-entry-uuid-request-criteria global configuration
properties can be used to identify which add requests should be automatically named this
way.
The uniqueness request control can also be used with
ldapmodify for enforcing uniqueness on a per-request basis.
Provide at least one of the uniquenessAttribute or
uniquenessFilter arguments with the request. For more
information about this control, see the LDAP SDK documentation and the
com.unboundid.ldap.sdk.unboundidds.controls.UniquenessResponseControl
class for using the control.