On Jan 3, 2011, at 7:04 PM, Kurt Zeilenga wrote:
I note that you moved authzid retrieval to RFC 3829 authzid control.
Yeah, figured I might as well use it here.
Are you going to implement its support server-side? Otherwise I might have time to look at it, maybe not immediately.
I have no plans to implement this in slapd(8). Might be a good starter project for someone.
I also have no plans to implement the general support for this control in the client side. We use LDAP Who Am I? in the general case.
Quick comment (don't want to interfere too much with your development): in ldapvc.c you added -a (authzid) and -b (ppolicy) switches.
Client-wise they are currently available as -e [!]bauthzid, -e ppolicy.
VC exop-wise controls could be grouped similarly, e.g. with a -a [!]<name>[=<value>] switch, to avoid quickly running out of switches.
Moreover, since some of these controls only apply at bind, some only apply during the specific operation(s) that the client is supposed to do, and some always apply, we could move control parsing and creation to separate helpers/switches, or add an optional field that indicates when the control is supposed to be used. This way, the -e switch could also be used to indicate controls specific to the vc operation. Something like
-e [!][<when>:]<name>[=<value>]
<when> ::= {xadmrwcsre}+
    x ; bind
    a ; add
    d ; delete
    m ; modify
    r ; nename
    w ; "write": same as "admn"
    c ; compare
    s ; search
    r ; "read": same as "cs"
    b ; unbind
    u ; unbind
    e ; exop
    C ; cancel
    P ; passmod
    V ; vc
    W ; whoami
If no specifier is given, the same control is used for all operations it applies to. So ldapvc could use, for example
-e !xV:bauthzid -e V:ppolicy -e xV:sessiontracking
to use authzid and session tracking for bind, and authzid, ppolicy and session tracking for vc.
p.
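The -e [!][<when>:]<name>[=<value>] syntax proposed in the message above could be parsed as in the following sketch, which is an added example and not code from OpenLDAP or from either author. The names ctrl_spec, parse_ctrl_spec and ctrl_applies are hypothetical; the "w" and "r" aliases are accepted but not expanded, "n" is accepted because the "write" alias refers to it, and unknown specifier letters are rejected instead of ignored so that a critical control is never silently left off an operation.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical parsed form of -e [!][<when>:]<name>[=<value>] */
struct ctrl_spec {
    int  critical;     /* 1 when prefixed with '!' */
    int  has_value;    /* 1 when =<value> was given */
    char when[32];     /* operation letters; empty means "all it applies to" */
    char name[64];
    char value[128];
};

/* Specifier letters from the message; 'n' is an assumption (see lead-in) */
static const char WHEN_CHARS[] = "xadmnrwcsbueCPVW";

/* Returns 0 on success, -1 on malformed or over-long input */
int parse_ctrl_spec(const char *arg, struct ctrl_spec *out)
{
    memset(out, 0, sizeof(*out));
    if (*arg == '!') { out->critical = 1; arg++; }
    const char *eq = strchr(arg, '=');
    size_t head = eq ? (size_t)(eq - arg) : strlen(arg);
    /* Only look for ':' before '=', so a value such as "a:b" stays a value */
    const char *colon = memchr(arg, ':', head);
    if (colon) {
        size_t wlen = (size_t)(colon - arg);
        if (wlen == 0 || wlen >= sizeof(out->when)) return -1;
        if (strspn(arg, WHEN_CHARS) != wlen) return -1; /* unknown letter */
        memcpy(out->when, arg, wlen);
        head -= wlen + 1;
        arg = colon + 1;
    }
    if (head == 0 || head >= sizeof(out->name)) return -1;
    memcpy(out->name, arg, head);
    if (eq) {
        if (strlen(eq + 1) >= sizeof(out->value)) return -1;
        strcpy(out->value, eq + 1);
        out->has_value = 1;
    }
    return 0;
}

/* Should this control be attached to the operation with letter `op`? */
int ctrl_applies(const struct ctrl_spec *c, char op)
{
    return c->when[0] == '\0' || (op != '\0' && strchr(c->when, op) != NULL);
}

int main(void)
{
    /* The ldapvc example arguments from the message */
    const char *args[] = { "!xV:bauthzid", "V:ppolicy", "xV:sessiontracking" };
    struct ctrl_spec c;
    for (size_t i = 0; i < 3; i++)
        if (parse_ctrl_spec(args[i], &c) == 0)
            printf("%s: bind=%d vc=%d critical=%d\n", c.name,
                   ctrl_applies(&c, 'x'), ctrl_applies(&c, 'V'), c.critical);
    return 0;
}
```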