1:37 a.m.
I wonder why the auditContext is not implemented in slapo-accesslog. I
needed it in a similar overlay to provide (sort-of-)consumers a means to
locate the log db; should I port this fix to slapo-accesslog?
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati(a)sys-net.it
------------------------------------------
2:34 a.m.
Pierangelo Masarati wrote:
I wonder why the auditContext is not implemented in slapo-accesslog.
I needed it in a similar overlay to provide (sort-of-)consumers a
means to locate the log db; should I port this fix to slapo-accesslog?
BTW, in its
definition as in <draft-chu-ldap-logschema-01.txt>, the
EQUALITY rule might be not strictly required. It could rather be
derived from namingContexts or, in analogy to it (because of
dSAOperation instead of directoryOperation; but, likely, auditContext
should be dSAOperation as well), it could simply be formulated without
any EQUALITY rule, indicating that it shouldn't be searched for (except
for presence), but rather looked up exactly in the naming context.
It could be implemented using bi_operational(), which would allow to
return it only if requested; this, however, would prevent the
possibility to search it (even, if no EQUALITY is defined, for
presence). Otherwise we'd need to store it in the database; that
attribute could be registered at overlay startup and unregistered at
overlay shutdown. I don't like this much because one could remove the
overlay off-line, preventing it from unregistering the attribute,
polluting the database.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati(a)sys-net.it
------------------------------------------
5:38 a.m.
Pierangelo Masarati wrote:
Pierangelo Masarati wrote:
> I wonder why the auditContext is not implemented in slapo-accesslog.
> I needed it in a similar overlay to provide (sort-of-)consumers a
> means to locate the log db; should I port this fix to slapo-accesslog?
It wasn't something I needed at the time, it was only added to the draft
for completeness' sake. Sure, if you need it, go ahead and add it.
BTW, in its definition as in <draft-chu-ldap-logschema-01.txt>,
the
EQUALITY rule might be not strictly required. It could rather be
derived from namingContexts or, in analogy to it (because of
dSAOperation instead of directoryOperation; but, likely, auditContext
should be dSAOperation as well), it could simply be formulated without
any EQUALITY rule, indicating that it shouldn't be searched for (except
for presence), but rather looked up exactly in the naming context.
Yes, dSAOperation would make more sense.
It could be implemented using bi_operational(), which would allow to
return it only if requested; this, however, would prevent the
possibility to search it (even, if no EQUALITY is defined, for
presence). Otherwise we'd need to store it in the database; that
attribute could be registered at overlay startup and unregistered at
overlay shutdown. I don't like this much because one could remove the
overlay off-line, preventing it from unregistering the attribute,
polluting the database.
It doesn't seem to me that searching for presence on it makes much
sense. bi_operational() is probably fine.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
6203
days inactive
6203
days old
2 comments
2 participants
participants (2)
-
Howard Chu -
Pierangelo Masarati