Full_Name: Neil Dunbar Version: 2.2.27 OS: Ubuntu Linux URL: ftp://ftp.openldap.org/incoming/neil-dunbar-changelog-050818.tgz Submission from: (NULL) (213.239.234.49) Hi there, A small module enhancement, which provides a searchable changelog function, similar to the SunONE legacy changelog enhancement, documented in draft-good-changelog-04.txt (obsolete). Nothing fancy, but it does give a semi-decent way of doing directory event notification via persisitent search. Tarball is in Incoming. There's a preliminary manpage in there, as well as the schema files. Where OIDs have been used, they've either been taken from the I-D, or from Hewlett-Packard's OID space for directory schema information. Neil
neil.dunbar@hp.com wrote: >Hi there, > >A small module enhancement, which provides a searchable changelog function, >similar >to the SunONE legacy changelog enhancement, documented in >draft-good-changelog-04.txt >(obsolete). > >Nothing fancy, but it does give a semi-decent way of doing directory event >notification >via persisitent search. > >Tarball is in Incoming. There's a preliminary manpage in there, as well as the >schema >files. Where OIDs have been used, they've either been taken from the I-D, or >from >Hewlett-Packard's OID space for directory schema information. > > Hi. Either there's some problem with OpenLDAP's ftp, or you uploaded an empty file. Can you check please? Thanks, p. SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
moved from Incoming to Contrib
At 10:02 AM 8/18/2005, ando@sys-net.it wrote: >neil.dunbar@hp.com wrote: > >>Hi there, >> >>A small module enhancement, which provides a searchable changelog function, >>similar >>to the SunONE legacy changelog enhancement, documented in >>draft-good-changelog-04.txt >>(obsolete). >> >>Nothing fancy, but it does give a semi-decent way of doing directory event >>notification >>via persisitent search. >> >>Tarball is in Incoming. There's a preliminary manpage in there, as well as the >>schema >>files. Where OIDs have been used, they've either been taken from the I-D, or >>from >>Hewlett-Packard's OID space for directory schema information. >> >> > >Hi. > >Either there's some problem with OpenLDAP's ftp, or you uploaded an >empty file. Can you check please? Looks like it was uploaded twice with the same name. First one is empty, the second (automatically named with a trailing .1) appears to be real thing. I've replaced the empty file with a symlink to the second. >Thanks, p. > > > SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
A pointer to this ITS is now in the overlays page of the FAQ <http://www.openldap.org/faq/data/cache/1257.html>; please complete at will. Two comments: 1) did you check it with HEAD/re23? I think contributions targeted to re22 may be of limited usefulness, and re23 allows much more expressive use of overlays. 2) how does this relate to the accesslog overlay that is already distributed with re23? I suspect some overlapping. In any case, thanks for the contribution. p. SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
ando@sys-net.it wrote: > A pointer to this ITS is now in the overlays page of the FAQ > <http://www.openldap.org/faq/data/cache/1257.html>; please complete at > will. Two comments: > > 1) did you check it with HEAD/re23? I think contributions targeted to > re22 may be of limited usefulness, and re23 allows much more expressive > use of overlays. > 2) how does this relate to the accesslog overlay that is already > distributed with re23? I suspect some overlapping. > Yes, there's quite a bit of overlap. I was looking at building this module to test and drop into contrib, but it needs a fair amount of updating. For modules that tightly depend on specific schema we prefer that the module hardcode the schema rather than requiring a separate schema file. This module uses the old config mechanism, it will need to be updated to use the new back-config mechanism. As already noted, the changelog schema itself presents security difficulties since all of the information is stored as entire blobs in one or two attributes. As such, access control is an all-or-nothing affair, and even searching is of questionable utility here. I'm thinking it may be better to merge the useful bits of this code into the accesslog overlay, and abandon the changelog schema. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/
changed notes
neil.dunbar@hp.com wrote: > A small module enhancement, which provides a searchable changelog function, > similar > to the SunONE legacy changelog enhancement, documented in > draft-good-changelog-04.txt > (obsolete). > > Nothing fancy, but it does give a semi-decent way of doing directory event > notification > via persisitent search. > > Tarball is in Incoming. There's a preliminary manpage in there, as well as the > schema > files. Where OIDs have been used, they've either been taken from the I-D, or > from > Hewlett-Packard's OID space for directory schema information. > Neil, I'm working at integrating the changelog feature into OpenLDAP's accesslog overlay, along the lines of the recently submitted ITS#4656 contribution <http://www.openldap.org/its/?findid=4656>. However, I note that your implementation doesn't quite follow the draft-good-ldap-changelog, it rather seems to partially follow some sort of Netscape/Sun/whatever implementation, including stuff like firstChangeNumber, lastChangeNumber, changeCSN and so, which are pretty undocumented anywhere, as far as I understand. Could you provide any pointers to docs or so? Thanks, p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
ando@sys-net.it wrote: > neil.dunbar@hp.com wrote: >> A small module enhancement, which provides a searchable changelog function, >> similar >> to the SunONE legacy changelog enhancement, documented in >> draft-good-changelog-04.txt >> (obsolete). >> >> Nothing fancy, but it does give a semi-decent way of doing directory event >> notification >> via persisitent search. >> >> Tarball is in Incoming. There's a preliminary manpage in there, as well as the >> schema >> files. Where OIDs have been used, they've either been taken from the I-D, or >> from >> Hewlett-Packard's OID space for directory schema information. >> > Neil, > > I'm working at integrating the changelog feature into OpenLDAP's > accesslog overlay, along the lines of the recently submitted ITS#4656 > contribution <http://www.openldap.org/its/?findid=4656>. However, I > note that your implementation doesn't quite follow the > draft-good-ldap-changelog, it rather seems to partially follow some sort > of Netscape/Sun/whatever implementation, including stuff like > firstChangeNumber, lastChangeNumber, changeCSN and so, which are pretty > undocumented anywhere, as far as I understand. Could you provide any > pointers to docs or so? > > Thanks, p. For the record, I think implementing a several-years-obsoleted draft is a bad idea. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/
see ITS#4656
The auditlog overlay generates something quite similar, and there's little value in supporting this at this point.