OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Enhancements/5693
Full headers

From: ando@sys-net.it
Subject: [enhancement] extension of slapo-translucent filtering approach
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Tue, 9 Sep 2008 15:45:07 GMT
From: ando@sys-net.it
To: openldap-its@OpenLDAP.org
Subject: [enhancement] extension of slapo-translucent filtering approach
Full_Name: Pierangelo Masarati
Version: irrelevant
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


I see a few potential issues in current slapo-translucent(5) filtering
approach:

- if an attribute is marked as local, it will not be used to filter entries on
the remote server; however, that attribute might exist in entries on the remote
server, resulting in inconsistent search results

- the same is also true in the reverse case

in those cases, it might be helpful to let the same attribute be listed as local
*and* remote, acting accordingly.

Also, there is no way to indicate that some attributes are local and *all the
others* are remote (and viceversa); it is suggested to allow "*" (and "+"?), as
well as "1.1" to indicate no attributes.  Wildcards would take effect unless
attribute specifications are present.

I don't know, right now, how easy it would be to implement those enhancements;
I'm just noting them here as a reminder for a feature request.

p.


Followup 1

Download message
Subject: Re: (ITS#5693) [enhancement] extension of slapo-translucent
 filtering approach
From: "Wouter D'Haeseleer" <wdh@vasco.com>
To: openldap-its@OpenLDAP.org
Cc: ando@sys-net.it, masarati@aero.polimi.it
Date: Tue, 12 Oct 2010 11:35:58 +0200
Hi Pierangelo,

I want to override the objectclass of a remote server to extend it with
the attribute posixAccount
This works but when I search on the attribute objectclass=* the only
result giving me back i the ones with the local defined objectclass.

Is it this issue?

If so, can we do something about it?
is here an easy fix?

Thanks

Wouter




Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org