hyc@symas.com writes:
monitorContext, readOnly and the olc* attributes are defined by OpenLDAP (their OIDs start with 1.3.6.1.4.1.4203) and can be modified if we feel like it. Personally I prefer attrs to have the matching rules they can have unless there is a reason not to, but I didn't write these modules so I don't know if there _is_ a reason not to.
For the config attributes, I just assumed no one needs to search on them (so no filter capability needed) and for single-valued attributes, there's no need to consider modifies...
Oh, good. No reason not to add matching rules then:-)
I search for one config attrs or another once in a while. Mostly for olcSuffix and with presence filters, but it'd be nice if e.g. (olcAccess:caseIgnoreSubstringsMatch:=*userPassword*) worked. Also some day I'll want to use assertion controls as a check on modify operations someday.
Still, I'm not proposing to add more work than necessary to this ITS. Get it right first, then think of "nice to have"-features if/when anyone bothers.
-
h.b.furuseth@usit.uio.no