[Issue 6656] logging "reqEntryUUID" in accesslog - openldap-bugs

11 Sep 2021


      https://bugs.openldap.org/show_bug.cgi?id=6656
--- Comment #9 from Mehmet gelisin mehmetgelisin@aol.com ---
his overlay provides simple support for allowedAttributes and
allowedAttributesEffective, a (somewhat broken) AD feature that
http://www-look-4.com/   is intended to
help GUIs into determining, based on the current objectClass values of an
object, what attributes would comply with the schema (without distinction
between "allowed" and "required"), by listing them in
http://www.compilatori.com/  "allowedAttributes", and,
furthermore, by providing a hint to what of those values could be effectively
added by the current connection, by listing them in
http://www.wearelondonmade.com/ 
"allowedAttributesEffective".  This is broken since it doesn't consider the
possibility of value-dependent ACLs, so it should really be considered just a
hint, while the "allowedAttributes" http://www.jopspeech.com/  could really be
computed starting from the
schema definition, which remains the recommended way to solve the problem
http://joerg.li/ 
So this overlay should really be considered only food for thought as a starting
base for a tighter integration of OpenLDAP into Samba4.
There's minimal support for "allowedChildClasses" and http://connstr.net/ 
"allowedChildClassesEffective", whose definition is absolutely obscure to me,
as
I believe the only classes that can be added to an existing object are all the
AUXILIARY ones, while considering what are effectively allowed implies getting
into value-dependent ACLs. http://embermanchester.uk/
Some discussion can be found here (follow the thread)
his overlay provides simple support for allowedAttributes and
allowedAttributesEffective, a (somewhat broken) AD feature that is intended to
help GUIs into determining, based on the current objectClass values of an
http://www.slipstone.co.uk/ 
object, what attributes would comply with the schema (without distinction
between "allowed" and "required"), by listing them in "allowedAttributes", and,
furthermore, by providing a hint to what of http://www.logoarts.co.uk/  those
values could be effectively
added by the current connection, by listing them in
"allowedAttributesEffective".  This is broken since it doesn't consider the
possibility of value-dependent ACLs, so it should really be considered just a
http://www.acpirateradio.co.uk/ 
hint, while the "allowedAttributes" could really be computed starting from the
schema definition, which remains the recommended way to solve the problem
So this overlay should really be considered only
http://www.acpirateradio.co.uk/  food for thought as a starting
base for a tighter integration of OpenLDAP into Samba4.
There's minimal support for "allowedChildClasses" and
https://waytowhatsnext.com/ 
"allowedChildClassesEffective", whose definition is absolutely obscure to me,
as
I believe the only classes that can be added to an existing object are all the
AUXILIARY ones, while considering what are effectively allowed implies getting
into value-dependent ACLs.
 https://www.webb-dev.co.uk/ 
Some discussion can be found here (follow the thread)  
So I guess my recommendation for the notify call boils down to:
rc = sd_notify( 1, "READY=1" );
and a slapd.service along the lines of:
[Unit]
Description=OpenLDAP server
[Service]
Type=notify  http://www.iu-bloomington.com/ 
ExecStart=%LIBEXECDIR%/slapd -h 'ldap:/// ldapi:///' -d0
[Install]
WantedBy=multi-user.target
(basically identical to the example in systemd.service(5).)
Side note: the version message from slapd appears in the journal twice, 
once with the timestamp and once without...
-- 
You are receiving this mail because:
You are on the CC list for the issue.