Emmanuel Dreyfus wrote:
Howard Chuhyc@symas.com wrote:
I recall we had a few ideas last year, but they came up a bit late. Anyone still have some wish list items for this year?
External command execution overlay: it would enable calling fork()/execve() for a set of (operation, baseDN, pré-condition, post-condition). execve argument would allow substitution for various input: %{dn}, %{uid}, and so on.
For now this can be acheived by setting up an accesslog overlay on a shell backend and having a program filtering the produced LDIF, but it is rather suboptimal, and everyone has to reinvent the wheel for the LDIF filtering.
Have you looked at using back-sock instead of back-shell?
re: reinventing the wheel - this is true regardless. In order to provide a rich enough interface to be useful, you need to be able to pass a lot of parameters to the script/process on the other side, and that is going to require a significant chunk of parsing code. At least with LDIF, the format is already well-defined. (Though I agree that it's a pretty miserable format...) I'm not sure what a useful LDIF parsing library should look like. Perhaps one that parsed it into a chain of LDAPMessages.
(Perhaps that should be an SoC project too.)
I use it to allocate UID and GID automatically when a user is created, and to setup homes and quotas on machines that need it.
fork/exec in a threaded program is still a dicy proposition, which is one of the reasons we haven't gone there yet. It's also a good reason to phase out back-shell, and promote back-sock instead.
It would probably be a small enough job to put an overlay wrapper around back-sock (just like the chain overlay is a wrapper around back-ldap) with some filtering/selection keywords.