[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [ldapext] Representing LDAP protocol in LDAP
- To: Steve Trottier <strottier@novell.com>
- Subject: Re: [ldapext] Representing LDAP protocol in LDAP
- From: Howard Chu <hyc@highlandsun.com>
- Date: Thu, 02 Nov 2006 22:56:14 -0800
- Cc: ldapext@ietf.org
- In-reply-to: <43552C4B.0703.006F.0@novell.com>
- References: <s25e0ace.035@lucius.provo.novell.com> <425E68F6.4020702@highlandsun.com> <4352C613.3070908@highlandsun.com> <4354C6E9.0703.006F.0@novell.com> <43552317.3000700@highlandsun.com> <43552C4B.0703.006F.0@novell.com>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061029 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a
Steve Trottier wrote:
Thank you for those answers. Regarding where to put the operational
attribute with the DN of the audit container, I think either (or both)
would work. The preferred method would depend on what a client's purpose
would be in reading the audit information. If you wanted to see all
accesses or writes to a particular entry in the directory, then your
second suggestion of the attribute being available on all entries under
a naming context would be helpful because you could read the value of
the container directly from the entry of interest. If, however, your
purpose in reading the audit information was to replicate or synchronize
directory data, then you would probably just want a quick way to find
which container or containers you should poll for updates. Searching the
rootDSE for naming contexts and then the naming contexts for their audit
containers would work well in that case. Interestingly, these two
methods are very similar to the current methods of finding a
subschemasubentry, which makes sense.
I've added an operational attribute for this purpose to the draft. An
updated draft is available on
http://highlandsun.com/hyc/drafts; since it still depends on the
xordered draft which has more changes coming I'm holding off on
resubmitting it at the moment.
Aside from the new operational attribute, and updating RFC references,
not much has changed here.
Howard Chu <hyc@highlandsun.com> 10/18/2005 10:30:15 am >>>
... There is currently no formal mechanism to advertise the
availability of this feature. I realize that's a hole here.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext