[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: auditContext in suffix entry?



Pierangelo Masarati wrote:
I wonder why the auditContext is not implemented in slapo-accesslog. I needed it in a similar overlay to provide (sort-of-)consumers a means to locate the log db; should I port this fix to slapo-accesslog?
BTW, in its definition as in <draft-chu-ldap-logschema-01.txt>, the EQUALITY rule might be not strictly required. It could rather be derived from namingContexts or, in analogy to it (because of dSAOperation instead of directoryOperation; but, likely, auditContext should be dSAOperation as well), it could simply be formulated without any EQUALITY rule, indicating that it shouldn't be searched for (except for presence), but rather looked up exactly in the naming context.

It could be implemented using bi_operational(), which would allow to return it only if requested; this, however, would prevent the possibility to search it (even, if no EQUALITY is defined, for presence). Otherwise we'd need to store it in the database; that attribute could be registered at overlay startup and unregistered at overlay shutdown. I don't like this much because one could remove the overlay off-line, preventing it from unregistering the attribute, polluting the database.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------