hyc@symas.com wrote:
Andrew Findlay wrote:
On Wed, Feb 23, 2011 at 08:58:33AM +0000, hyc@symas.com wrote:
Possibly we can extend the directive to handle exclusion as well as inclusion, to simplify this case.
Extending this idea slightly, would it be possible to have exclusions based on changes to specific attributes? The particular case I have in mind is where accesslog is used to keep a permanent audit log of changes, and ppolicy is also in use, resulting in one audit entry for every login failure. I have one site where a large proportion of the auditlog entries are login failures...
Perhaps in that case, it would be simpler just to set ppolicy's mods to be internal-only and bypass the accesslog overlay. (Currently it does this already, if the server is a single-master replica.)
So far you're talking about two different enhancements - the original poster is trying to exclude a set of searches, and you're talking about excluding modify ops. I'm not seeing any way yet to generalize from here such that all operation types are addressed meaningfully, and I don't want to introduce multiple special cases to the config language.
A URI-based restriction specification could include/exclude based on suffix, filter and listed attributes with a unified syntax.
p.