OpenLDAP
Viewing Software Enhancements/5654

From: abartlet@samba.org
Subject: memberof syntax clunky
Date: Tue, 12 Aug 2008 05:33:44 GMT
From: abartlet@samba.org
To: openldap-its@OpenLDAP.org
Subject: memberof syntax clunky
Full_Name: Andrew Bartlett
Version: CVS HEAD
OS: Fedora 9
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (124.176.63.104)


As instructed by Howard:

From: 	Howard Chu <hyc@highlandsun.com>
To: 	samba-technical@lists.samba.org
Subject: 	Re: samba4-ol-mmr
Date: 	Mon, 11 Aug 2008 21:09:52 -0700 (Tue, 14:09 EST)



> # Generated from schema in /usr/local/samba/private/ldap/schema-tmp.ldb
> overlay memberof
> memberof-dn cn=samba-admin,cn=samba
> memberof-dangling error
> memberof-refint TRUE
> memberof-group-oc top
> memberof-member-ad msDS-ObjectReference
> memberof-memberof-ad msDS-ObjectReferenceBL
> memberof-dangling-error 32

(repeats once per attribute link)

...

Mmm, that's really clunky. Someone should file an OpenLDAP enhancement request 
on the memberof config syntax. You should only need to instantiate the overlay 
once, and then it should just take a list of oc/forward-ad/back-ad config 
options.

> Look closely at how we sub in memberof configuration into the
> slapd.conf.  I suggest that you could add a ${REPL_CONFIG} after each
> database, which the script could sub with either "" or by reading and
> subbing in a slapd-replica.conf
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


Followup 1

Date: Sat, 20 Sep 2008 18:28:10 +0200
From: Pierangelo Masarati <ando@sys-net.it>
To: abartlet@samba.org
CC: openldap-its@openldap.org
Subject: Re: (ITS#5654) memberof syntax clunky
abartlet@samba.org wrote:
> Full_Name: Andrew Bartlett
> Version: CVS HEAD
> OS: Fedora 9
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (124.176.63.104)
> 
> 
> As instructed by Howard:
> 
> From: 	Howard Chu <hyc@highlandsun.com>
> To: 	samba-technical@lists.samba.org
> Subject: 	Re: samba4-ol-mmr
> Date: 	Mon, 11 Aug 2008 21:09:52 -0700 (Tue, 14:09 EST)
> 
> 
> 
>> # Generated from schema in /usr/local/samba/private/ldap/schema-tmp.ldb
>> overlay memberof
>> memberof-dn cn=samba-admin,cn=samba
>> memberof-dangling error
>> memberof-refint TRUE
>> memberof-group-oc top
>> memberof-member-ad msDS-ObjectReference
>> memberof-memberof-ad msDS-ObjectReferenceBL
>> memberof-dangling-error 32
> 
> (repeats once per attribute link)
> 
> ...
> 
> Mmm, that's really clunky. Someone should file an OpenLDAP enhancement request
> on the memberof config syntax. You should only need to instantiate the overlay
> once, and then it should just take a list of oc/forward-ad/back-ad config
> options.
> 
>> Look closely at how we sub in memberof configuration into the
>> slapd.conf.  I suggest that you could add a ${REPL_CONFIG} after each
>> database, which the script could sub with either "" or by reading and
>> subbing in a slapd-replica.conf

It's not the syntax that's clunky.  You're (ab)using slapo-memberof(5), 
which was designed to deal with *just one* pair of member/reverse-link 
attribute relationship.  Probably the overlay needs to be entirely 
reworked to provide a many-to-many relationship.  At this point, I'd 
rather design a new one, giving up some of the not so useful extra 
features implemented in slapo-memberof(5), and focusing on the 
many-to-many main requirement.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
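
The pattern discussed in this thread, one `overlay memberof` instance per attribute link plus a `${REPL_CONFIG}` placeholder after the database, sketched as an added example (not code from Samba, OpenLDAP or either poster). The `${MEMBEROF_CONFIG}` placeholder, the function names, the sample template and the second link pair are assumptions made for illustration, and the duplicate-pair check is this example's own sanity check.

```python
from string import Template

# Directives copied from the stanza quoted in the thread; only the two
# attribute names (and the overlay DN) vary per link.
STANZA = Template("""overlay memberof
memberof-dn $overlay_dn
memberof-dangling error
memberof-refint TRUE
memberof-group-oc top
memberof-member-ad $forward
memberof-memberof-ad $back
memberof-dangling-error 32
""")

# Constructed sample template: ${REPL_CONFIG} is named in the thread,
# ${MEMBEROF_CONFIG} is a hypothetical placeholder name.
SAMPLE_TEMPLATE = """database hdb
suffix "dc=example,dc=com"
${MEMBEROF_CONFIG}
${REPL_CONFIG}
"""

def render_memberof(links, overlay_dn="cn=samba-admin,cn=samba"):
    """Emit one overlay instance per (forward, back) attribute pair."""
    seen, stanzas = set(), []
    for forward, back in links:
        key = (forward.lower(), back.lower())  # attribute names are case-insensitive
        if key[0] == key[1]:
            raise ValueError(f"link {forward!r} points back at itself")
        if key in seen:
            raise ValueError(f"link {forward!r}/{back!r} configured twice")
        seen.add(key)
        stanzas.append(STANZA.substitute(overlay_dn=overlay_dn,
                                         forward=forward, back=back))
    return "\n".join(stanzas)

def build_slapd_conf(template_text, links, replica_conf=""):
    """Fill both placeholders; ${REPL_CONFIG} becomes "" when no replica
    config is given. substitute() raises KeyError on an unknown placeholder."""
    return Template(template_text).substitute(
        MEMBEROF_CONFIG=render_memberof(links), REPL_CONFIG=replica_conf)

if __name__ == "__main__":
    # First pair is from the thread; the second is a constructed sample.
    sample_links = [("msDS-ObjectReference", "msDS-ObjectReferenceBL"),
                    ("member", "memberOf")]
    print(build_slapd_conf(SAMPLE_TEMPLATE, sample_links))
```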

