[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3953) Enhancement - changelog module



ando@sys-net.it wrote:
> A pointer to this ITS is now in the overlays page of the FAQ 
> <http://www.openldap.org/faq/data/cache/1257.html>; please complete at 
> will.  Two comments:
>
> 1) did you check it with HEAD/re23?  I think contributions targeted to 
> re22 may be of limited usefulness, and re23 allows much more expressive 
> use of overlays.
> 2) how does this relate to the accesslog overlay that is already 
> distributed with re23?  I suspect some overlapping.
>   
Yes, there's quite a bit of overlap.

I was looking at building this module to test and drop into contrib, but 
it needs a fair amount of updating.

For modules that tightly depend on specific schema we prefer that the 
module hardcode the schema rather than requiring a separate schema file.

This module uses the old config mechanism, it will need to be updated to 
use the new back-config mechanism.

As already noted, the changelog schema itself presents security 
difficulties since all of the information is stored as entire blobs in 
one or two attributes. As such, access control is an all-or-nothing 
affair, and even searching is of questionable utility here.

I'm thinking it may be better to merge the useful bits of this code into 
the accesslog overlay, and abandon the changelog schema.

-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/