OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Contrib/3953
Full headers

From: neil.dunbar@hp.com
Subject: Enhancement - changelog module
Compose comment
Download message
State:
0 replies:
6 followups: 1 2 3 4 5 6

Major security issue: yes  no

Notes:

Notification:


Date: Thu, 18 Aug 2005 16:40:27 GMT
From: neil.dunbar@hp.com
To: openldap-its@OpenLDAP.org
Subject: Enhancement - changelog module
Full_Name: Neil Dunbar
Version: 2.2.27
OS: Ubuntu Linux
URL: ftp://ftp.openldap.org/incoming/neil-dunbar-changelog-050818.tgz
Submission from: (NULL) (213.239.234.49)


Hi there,

A small module enhancement, which provides a searchable changelog function,
similar
to the SunONE legacy changelog enhancement, documented in
draft-good-changelog-04.txt
(obsolete).

Nothing fancy, but it does give a semi-decent way of doing directory event
notification
via persisitent search.

Tarball is in Incoming. There's a preliminary manpage in there, as well as the
schema
files. Where OIDs have been used, they've either been taken from the I-D, or
from
Hewlett-Packard's OID space for directory schema information.

Neil


Followup 1

Download message
Date: Thu, 18 Aug 2005 18:57:07 +0200
From: Pierangelo Masarati <ando@sys-net.it>
To: neil.dunbar@hp.com
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3953) Enhancement - changelog module
neil.dunbar@hp.com wrote:

>Hi there,
>
>A small module enhancement, which provides a searchable changelog function,
>similar
>to the SunONE legacy changelog enhancement, documented in
>draft-good-changelog-04.txt
>(obsolete).
>
>Nothing fancy, but it does give a semi-decent way of doing directory event
>notification
>via persisitent search.
>
>Tarball is in Incoming. There's a preliminary manpage in there, as well as
the
>schema
>files. Where OIDs have been used, they've either been taken from the I-D, or
>from
>Hewlett-Packard's OID space for directory schema information.
>  
>

Hi.

Either there's some problem with OpenLDAP's ftp, or you uploaded an 
empty file.  Can you check please?

Thanks, p.


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497



Followup 2

Download message
Date: Thu, 18 Aug 2005 10:15:20 -0700
To: ando@sys-net.it
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: (ITS#3953) Enhancement - changelog module
Cc: openldap-its@OpenLDAP.org
At 10:02 AM 8/18/2005, ando@sys-net.it wrote:
>neil.dunbar@hp.com wrote:
>
>>Hi there,
>>
>>A small module enhancement, which provides a searchable changelog
function,
>>similar
>>to the SunONE legacy changelog enhancement, documented in
>>draft-good-changelog-04.txt
>>(obsolete).
>>
>>Nothing fancy, but it does give a semi-decent way of doing directory
event
>>notification
>>via persisitent search.
>>
>>Tarball is in Incoming. There's a preliminary manpage in there, as well
as the
>>schema
>>files. Where OIDs have been used, they've either been taken from the
I-D, or
>>from
>>Hewlett-Packard's OID space for directory schema information.
>>  
>>
>
>Hi.
>
>Either there's some problem with OpenLDAP's ftp, or you uploaded an 
>empty file.  Can you check please?

Looks like it was uploaded twice with the same name.
First one is empty, the second (automatically named with
a trailing .1) appears to be real thing.  I've replaced
the empty file with a symlink to the second.


>Thanks, p.
>
>
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497



Followup 3

Download message
Date: Sat, 20 Aug 2005 15:00:22 +0200
From: Pierangelo Masarati <ando@sys-net.it>
To: neil.dunbar@hp.com
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3953) Enhancement - changelog module
A pointer to this ITS is now in the overlays page of the FAQ 
<http://www.openldap.org/faq/data/cache/1257.html>; please complete at 
will.  Two comments:

1) did you check it with HEAD/re23?  I think contributions targeted to 
re22 may be of limited usefulness, and re23 allows much more expressive 
use of overlays.
2) how does this relate to the accesslog overlay that is already 
distributed with re23?  I suspect some overlapping.

In any case, thanks for the contribution. p.


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497



Followup 4

Download message
Date: Wed, 14 Sep 2005 08:30:58 -0700
From: Howard Chu <hyc@symas.com>
To: Neil Dunbar <neil_dunbar@hp.com>
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3953) Enhancement - changelog module
ando@sys-net.it wrote:
> A pointer to this ITS is now in the overlays page of the FAQ 
> <http://www.openldap.org/faq/data/cache/1257.html>; please complete
at 
> will.  Two comments:
>
> 1) did you check it with HEAD/re23?  I think contributions targeted to 
> re22 may be of limited usefulness, and re23 allows much more expressive 
> use of overlays.
> 2) how does this relate to the accesslog overlay that is already 
> distributed with re23?  I suspect some overlapping.
>   
Yes, there's quite a bit of overlap.

I was looking at building this module to test and drop into contrib, but 
it needs a fair amount of updating.

For modules that tightly depend on specific schema we prefer that the 
module hardcode the schema rather than requiring a separate schema file.

This module uses the old config mechanism, it will need to be updated to 
use the new back-config mechanism.

As already noted, the changelog schema itself presents security 
difficulties since all of the information is stored as entire blobs in 
one or two attributes. As such, access control is an all-or-nothing 
affair, and even searching is of questionable utility here.

I'm thinking it may be better to merge the useful bits of this code into 
the accesslog overlay, and abandon the changelog schema.

-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/



Followup 5

Download message
Date: Sat, 02 Sep 2006 12:32:33 +0200
From: Pierangelo Masarati <ando@sys-net.it>
To: neil.dunbar@hp.com
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3953) Enhancement - changelog module
neil.dunbar@hp.com wrote:
> A small module enhancement, which provides a searchable changelog function,
> similar
> to the SunONE legacy changelog enhancement, documented in
> draft-good-changelog-04.txt
> (obsolete).
>
> Nothing fancy, but it does give a semi-decent way of doing directory event
> notification
> via persisitent search.
>
> Tarball is in Incoming. There's a preliminary manpage in there, as well as
the
> schema
> files. Where OIDs have been used, they've either been taken from the I-D,
or
> from
> Hewlett-Packard's OID space for directory schema information.
>   
Neil,

I'm working at integrating the changelog feature into OpenLDAP's 
accesslog overlay, along the lines of the recently submitted ITS#4656 
contribution <http://www.openldap.org/its/?findid=4656>.  However, I 
note that your implementation doesn't quite follow the 
draft-good-ldap-changelog, it rather seems to partially follow some sort 
of Netscape/Sun/whatever implementation, including stuff like 
firstChangeNumber, lastChangeNumber, changeCSN and so, which are pretty 
undocumented anywhere, as far as I understand.  Could you provide any 
pointers to docs or so?

Thanks, p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------



Followup 6

Download message
Date: Sat, 02 Sep 2006 05:03:01 -0700
From: Howard Chu <hyc@symas.com>
To: ando@sys-net.it
CC: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3953) Enhancement - changelog module
ando@sys-net.it wrote:
> neil.dunbar@hp.com wrote:
>> A small module enhancement, which provides a searchable changelog
function,
>> similar
>> to the SunONE legacy changelog enhancement, documented in
>> draft-good-changelog-04.txt
>> (obsolete).
>>
>> Nothing fancy, but it does give a semi-decent way of doing directory
event
>> notification
>> via persisitent search.
>>
>> Tarball is in Incoming. There's a preliminary manpage in there, as well
as the
>> schema
>> files. Where OIDs have been used, they've either been taken from the
I-D, or
>> from
>> Hewlett-Packard's OID space for directory schema information.
>>   
> Neil,
> 
> I'm working at integrating the changelog feature into OpenLDAP's 
> accesslog overlay, along the lines of the recently submitted ITS#4656 
> contribution <http://www.openldap.org/its/?findid=4656>.  However, I 
> note that your implementation doesn't quite follow the 
> draft-good-ldap-changelog, it rather seems to partially follow some sort 
> of Netscape/Sun/whatever implementation, including stuff like 
> firstChangeNumber, lastChangeNumber, changeCSN and so, which are pretty 
> undocumented anywhere, as far as I understand.  Could you provide any 
> pointers to docs or so?
> 
> Thanks, p.

For the record, I think implementing a several-years-obsoleted draft is 
a bad idea.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org