Full_Name: Brian Candler
Version: HEAD
OS: FreeBSD 5.4-RELEASE
URL: http://psg.com/~brian/software/openldap-backshell-conn.patch
Submission from: (NULL) (212.74.113.67)

This is an enhancement to add extra meta-attributes to requests sent to back-shell modules. They are:

binddn: <current connection bound DN>
peername: <connection peer IP address>
ssf: <connection SSF value>

Note: the UNBIND command now sends the current bind DN twice, as 'binddn:' and 'dn:'.
Dropping the 'dn:' line would make things cleaner, at the slight risk of not being backwards-compatible (is there anything useful you can do in back-shell for an UNBIND request though??)
I note that the patch does not contain an IPR statement as required by our contributing guidelines. Please add an appropriate statement to the top of the patch file. See <http://www.openldap.org/devel/contributing.html> for details.

The changes would likely break some existing uses of back-shell. I think it would be good to only send additional fields when configured to do so. I would suggest adding an extensible configuration option so that if someone else desires to further extend back-shell with additional fields, they can share the same configuration mechanism. Something like:

extensions binddn peername ssf

would do.

Regards, Kurt

At 06:57 AM 10/16/2005, b.candler@pobox.com wrote:
>Full_Name: Brian Candler
>Version: HEAD
>OS: FreeBSD 5.4-RELEASE
>URL: http://psg.com/~brian/software/openldap-backshell-conn.patch
>Submission from: (NULL) (212.74.113.67)
>
>
>This is an enhancement to add extra meta-attributes to requests sent to
>back-shell modules. They are:
>
>binddn: <current connection bound DN>
>peername: <connection peer IP address>
>ssf: <connection SSF value>
>
>Note: the UNBIND command now sends the current bind DN twice, as 'binddn:' and
>'dn:'
>Dropping the 'dn:' line would make things cleaner, at the slight risk of not
>being backwards-compatible (is there anything useful you can do in back-shell
>for an UNBIND request though??)
Kurt@OpenLDAP.org writes:
> The changes would likely break some existing uses of back-shell.
> I think it would be good to only send additional fields when
> configured to do so.

After Brian's message about missing state info, I've been wondering if some common API for back-sock, back-shell and maybe even back-perl would be useful for "translating" between slapd info and backend info, including how to configure what to send. Would probably need some callbacks to the backend-specific details.

-- Hallvard
changed notes changed state Open to Feedback
moved from Incoming to Contrib
On Mon, Oct 17, 2005 at 10:20:13AM -0700, Kurt D. Zeilenga wrote:
> I note that the patch does not contain an IPR statement as required
> by our contributing guidelines. Please add an appropriate
> statement to the top of the patch file. See <http://www.openldap.org/devel/contributing.html>
> for details.
>
> The changes would likely break some existing uses of back-shell.
> I think it would be good to only send additional fields when
> configured to do so. I would suggest adding an extensible
> configuration option so that if someone else desires to further
> extend back-shell with additional fields, they can share the
> same configuration mechanism. Something like:
>
> extensions binddn peername ssf
>
> would do.

Patch updated to fix both points.

http://psg.com/~brian/software/openldap-backshell-conn.patch
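
As an added illustration (not part of the patch, the thread, or OpenLDAP itself), a back-shell script could use the three meta-attributes to gate write operations on connection security. The minimum-SSF policy, the result codes chosen, the empty `binddn:` value for anonymous connections, and the placement of the meta lines before the request's first `dn:` line are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the patch. Policy and line ordering are assumptions.
MIN_SSF=128   # assumed minimum SSF required for write operations

# Emit a back-shell RESULT block with an LDAP result code and message.
result() {
    printf 'RESULT\ncode: %s\ninfo: %s\n' "$1" "$2"
}

# Read one back-shell request on stdin and print the policy decision.
authorize() {
    op='' binddn='' peername='' ssf='' have_binddn=no
    IFS= read -r op || { result 1 "empty request"; return 0; }
    while IFS= read -r line; do
        case $line in
            binddn:*)   have_binddn=yes; binddn=${line#binddn:}; binddn=${binddn# } ;;
            peername:*) peername=${line#peername:}; peername=${peername# } ;;
            ssf:*)      ssf=${line#ssf:}; ssf=${ssf# } ;;
            # Assumption: meta lines precede the target "dn:" line. Stop there so
            # client-supplied attribute lines in the body cannot pose as them.
            dn:*)       break ;;
        esac
    done
    case $op in
        ADD|MODIFY|MODRDN|DELETE) ;;   # writes: apply the checks below
        *) result 0 "no connection policy for $op"; return 0 ;;
    esac
    # Fail closed if the extensions are not configured or were not seen.
    if [ "$have_binddn" = no ] || [ -z "$ssf" ]; then
        result 53 "connection meta-attributes missing"; return 0
    fi
    case $ssf in
        *[!0-9]*) result 53 "malformed ssf value"; return 0 ;;
    esac
    if [ "$ssf" -lt "$MIN_SSF" ]; then
        result 13 "ssf $ssf is below $MIN_SSF"; return 0
    fi
    if [ -z "$binddn" ]; then
        result 50 "anonymous write refused"; return 0
    fi
    result 0 "write allowed for $binddn from $peername"
}
```

A real handler would call `authorize` as its last step and carry out the operation only when the code is 0.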
changed notes changed state Feedback to Open
Created attachment 590: Patch for issue
back-shell is retired for OpenLDAP 2.5 and later, closing.