Re: commit: ldap/servers/slapd/overlays dyngroup.c
Pierangelo Masarati wrote:
Howard Chu wrote:
>> I thought this was going to be replaced by dynlist, whose
>> functionality it provides a subset. Note that in HEAD dynlist can
>> also be instantiated under the name "dyngroup" (see obsolete names),
>> with the same configuration syntax.
> Hm, the last I remember we had agreed that dyngroup should continue to
> be used, since dynlist does a lot more than dyngroup needed. Did I miss
> something?
Well, at some point yes, because dynlist was doing compare in a less
efficient manner, but I think this has been fixed. Otherwise, I would
have probably added back-config support earlier... not a big deal, just
wondering.
I just went back and re-read ITS#3756. If dyngroup functionality is working
fine in dynlist now, then we should just cvs rm dyngroup and drop it from 2.4.
In the meantime, I need to add support for dgIdentity to something. At this
point I guess that means I'll add it to dynlist.
It seems to me that we have 3 possible behaviors when the dgIdentity attribute
is not present:
1) search anonymously, as suggested in the Haripriya draft
2) search as the current user, as currently implemented
3) search as "self" i.e. the group DN
I'm thinking of adding a keyword to select this behavior. This would be a
single option that affects the entire overlay, not on a per-attrset basis.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/