[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5872) slapo-cloak

Hallvard B Furuseth wrote:
> ando@sys-net.it writes:
>> On a related note, if this can be considered of general usefulness, LDAP 
>> specs would need to be changed in order to define a finer grain of 
>> attribute request; something like:
>> empty or "*" ; all user, except attrs that need to be explicitly req.
>> "+" ; all operational
>> <all including attrs that need to be explicitly requested>
>> <...>
> Would it be cleaner if slapo-cloak redefines the attributes to be
> operational, or to behave as if they are?  Maybe give them an
> X-AS-OPERATIONAL extension?  Or would that just mess up schema code,
> things like attribute inheritance?

I think things would mess up.  The X-AS-OPERATIONAL could help, although 
it would result in a modification of otherwise standard-track schema items.

Moreover, I see a number of features system administrators could ask 
for; e.g. hide attributes only when matching a URI (base, scope, 
filter), or based on size limit, or based on client's identity and so.

In this case, I'd keep schema out.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it