[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldapext] Representing LDAP protocol in LDAP

Steve Trottier wrote:
Thank you for those answers. Regarding where to put the operational
attribute with the DN of the audit container, I think either (or both)
would work. The preferred method would depend on what a client's purpose
would be in reading the audit information. If you wanted to see all
accesses or writes to a particular entry in the directory, then your
second suggestion of the attribute being available on all entries under
a naming context would be helpful because you could read the value of
the container directly from the entry of interest. If, however, your
purpose in reading the audit information was to replicate or synchronize
directory data, then you would probably just want a quick way to find
which container or containers you should poll for updates. Searching the
rootDSE for naming contexts and then the naming contexts for their audit
containers would work well in that case. Interestingly, these two
methods are very similar to the current methods of finding a
subschemasubentry, which makes sense.

I've added an operational attribute for this purpose to the draft. An updated draft is available on
http://highlandsun.com/hyc/drafts; since it still depends on the xordered draft which has more changes coming I'm holding off on resubmitting it at the moment.

Aside from the new operational attribute, and updating RFC references, not much has changed here.

Howard Chu <hyc@highlandsun.com> 10/18/2005 10:30:15 am >>>
... There is currently no formal mechanism to advertise the availability of this feature. I realize that's a hole here.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/


_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext