Full_Name: Kartik Subbarao Version: 2.2.15 OS: Linux URL: ftp://ftp.openldap.org/incoming/kartik_subbarao-constraint-040819.tgz Submission from: (NULL) (69.240.143.154) I have uploaded Neil Dunbar's constraint overlay, and patches to auxiliary build files such as the Makefile.in in the overlays directory, the top level configure.in, and portable.h.in. The constraint overlay limits the values which can be placed into an attribute, over and above the limits placed by the schema. It traps only LDAP adds and modify commands (and only seeks to control the add and modify value mods of a modify). The constraint can be specified as a character set (e.g. US-ASCII) or as a regular expression.
moved from Incoming to Contrib
The first issue that concerned me is the charset constraint and use of iconv. The code appears to be incorrect because, if I understand the iconv API, it doing a conversion between X and X (where X is the specified charset to constrain to) instead of between UTF-8 encoded Unicode and X. Note that in slapd(8), attribute (and assertion) values of Directory String syntax (and other character string syntaxes) are stored as UTF-8 encoded Unicode. The second issue is that iconv(3) routines are not widely available (in default installs of supported operating system platforms). Hence, I suggest the code only include charset constraint support of iconv(3) is available. This implies a requirement to auto-detect iconv(3) existance to enable the feature. The third issue is that the module linking doesn't include -liconv (which existance should also be auto-detected). The fourth issue is documentation. A manpage should be provided. Another issue I have is whether this should be in slapd/overlays or in contrib/slapd-modules. But that's more of issue for the committers to resolve that you. Regards, Kurt At 10:12 PM 8/18/2004, kartik_subbarao@hp.com wrote: >Full_Name: Kartik Subbarao >Version: 2.2.15 >OS: Linux >URL: ftp://ftp.openldap.org/incoming/kartik_subbarao-constraint-040819.tgz >Submission from: (NULL) (69.240.143.154) > > >I have uploaded Neil Dunbar's constraint overlay, and patches to auxiliary build >files such as the Makefile.in in the overlays directory, the top level >configure.in, and portable.h.in. The constraint overlay limits the values which >can be placed into an attribute, over and above the limits placed by the schema. >It traps only LDAP adds and modify commands (and only seeks to control the add >and modify value mods of a modify). The constraint can be specified as a >character set (e.g. US-ASCII) or as a regular expression.
changed notes changed state Open to Feedback
Thanks for the feedback Kurt. Neil is the best person to respond on these points. He is on vacation right now, I believe till the end of August. He will respond when he gets back. Regards, -Kartik Kurt D. Zeilenga wrote: > The first issue that concerned me is the charset constraint > and use of iconv. The code appears to be incorrect because, > if I understand the iconv API, it doing a conversion between > X and X (where X is the specified charset to constrain to) > instead of between UTF-8 encoded Unicode and X. Note that > in slapd(8), attribute (and assertion) values of Directory > String syntax (and other character string syntaxes) are > stored as UTF-8 encoded Unicode. > > The second issue is that iconv(3) routines are not widely > available (in default installs of supported operating system > platforms). Hence, I suggest the code only include charset > constraint support of iconv(3) is available. This implies > a requirement to auto-detect iconv(3) existance to enable > the feature. > > The third issue is that the module linking doesn't include > -liconv (which existance should also be auto-detected). > > The fourth issue is documentation. A manpage should be provided. > > Another issue I have is whether this should be in slapd/overlays > or in contrib/slapd-modules. But that's more of issue for > the committers to resolve that you. > > Regards, Kurt > > > At 10:12 PM 8/18/2004, kartik_subbarao@hp.com wrote: > >>Full_Name: Kartik Subbarao >>Version: 2.2.15 >>OS: Linux >>URL: ftp://ftp.openldap.org/incoming/kartik_subbarao-constraint-040819.tgz >>Submission from: (NULL) (69.240.143.154) >> >> >>I have uploaded Neil Dunbar's constraint overlay, and patches to auxiliary build >>files such as the Makefile.in in the overlays directory, the top level >>configure.in, and portable.h.in. The constraint overlay limits the values which >>can be placed into an attribute, over and above the limits placed by the schema. >>It traps only LDAP adds and modify commands (and only seeks to control the add >>and modify value mods of a modify). The constraint can be specified as a >>character set (e.g. US-ASCII) or as a regular expression. > >
Please note that this ITS is 'suspended' pending response to: http://www.openldap.org/its/?findid=3292#followup1 Regard, Kurt
On Thu, 2004-10-21 at 21:24 +0000, Kurt Zeilenga wrote: > Please note that this ITS is 'suspended' pending response to: > http://www.openldap.org/its/?findid=3292#followup1 > Yes - I will clean it up (with responses and a man page) - don't have the time right now, but will as soon as I can. Cheers, Neil
Ping.
changed notes
On Tuesday 15 March 2005 02:15, Kurt Zeilenga wrote: > Ping. Yup - finally getting round to completing this work. Hey - it's only been 6 months! Man page will be written ASAP (hopefully tomorrow). I've decided to zap the iconv() stuff - so the constraint plugin simply applies regular expression constraint upon attributes. Since regex is already part of the OL autoconf process, I reckon this should impose no additional needs upon the core software. I'm also playing with the ability to store the constraints within the DIT (say with an auxiliary class "attributeConstrainingClass", which allows the optional attribute "attributeConstraint", whose form is "<attribute>=<regex>"). Not sure if this is useful, but since it would be entirely optional (and in fact inoperable without an additional schema file), it doesn't actually mandate changes which the directory admin wouldn't like. Since such a "meta-attribute" isn't defined in anyone's standard, I'll probably prefix it with "hp" and carve out some of our OID space. Cheers, Neil
neil.dunbar@hp.com wrote: >On Tuesday 15 March 2005 02:15, Kurt Zeilenga wrote: > > >>Ping. >> >> > >Yup - finally getting round to completing this work. Hey - it's only been 6 >months! Man page will be written ASAP (hopefully tomorrow). > >I've decided to zap the iconv() stuff - so the constraint plugin simply >applies regular expression constraint upon attributes. Since regex is already >part of the OL autoconf process, I reckon this should impose no additional >needs upon the core software. > >I'm also playing with the ability to store the constraints within the DIT (say >with an auxiliary class "attributeConstrainingClass", which allows the >optional attribute "attributeConstraint", whose form is >"<attribute>=<regex>"). Not sure if this is useful, but since it would be >entirely optional (and in fact inoperable without an additional schema file), > You could register it dynamically thru the overlay's bi_init() callback. See ppolicy for other schema registering code examples. > >it doesn't actually mandate changes which the directory admin wouldn't like. >Since such a "meta-attribute" isn't defined in anyone's standard, I'll >probably prefix it with "hp" and carve out some of our OID space. > > Maybe you could ask for some OpenLDAP-based OID registering (in the .666 space?). p. SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
changed notes changed state Feedback to Closed
moved from Contrib to Archive.Contrib
Initial review provided. Author pinged. replaced by ITS#4463