[Date Prev][Date Next]
Re: (ITS#4316) proxycache attrsets
Pierangelo Masarati wrote:
>> Full_Name: Howard Chu
>> Version: 2.3
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (184.108.40.206)
>> Submitted by: hyc
>> The Admin Guide example
>> indicates that an attrset will be used if it is a superset of the
>> present in a particular search query. However, the get_attr_set/attrscmp
>> functions will only match a set if it is exactly equal to the attrs in the
>> query. The documented behavior would certainly be more useful.
> I think this has been suggested many times (I'll dig in the archives) but
> AFAIR there was some technical answer which I don't recall that prevented
Actually, if you notice the find_supersets() function in the code, the
design was intended to behave as documented. It is simply broken.
>> It would make even more sense to always use all the attrs in the attrset
>> on the
>> remote query, so that they'll all be in the cache, regardless of what
>> subsets of
>> the attrset are used in a specific query.
> Don't forget access control issues; I think by playing with attrsets they
> can be limited, e.g. by only caching public searches or so. In any case,
> I'd leave the possibility to define attrsets.
I really don't see that allowing subsets of attrsets to work as desired
has any impact on the overall access control policies.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/