Andrew Findlay wrote:
On Wed, Feb 23, 2011 at 08:58:33AM +0000, hyc(a)symas.com wrote:
> Possibly we can extend the directive to handle exclusion as well as inclusion,
> to simplify this case.
Extending this idea slightly, would it be possible to have
exclusions based on changes to specific attributes? The
particular case I have in mind is where accesslog is used to
keep a permanent audit log of changes, and ppolicy is also
in use, resulting in one audit entry for every login
failure. I have one site where a large proportion of the auditlog
entries are login failures...
Perhaps in that case, it would be simpler just to set ppolicy's mods to be
internal-only and bypass the accesslog overlay. (Currently it does this
already, if the server is a single-master replica.)
So far you're talking about two different enhancements - the original poster
is trying to exclude a set of searches, and you're talking about excluding
modify ops. I'm not seeing any way yet to generalize from here such that all
operation types are addressed meaningfully, and I don't want to introduce
multiple special cases to the config language.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/