[Date Prev][Date Next]
Re: (ITS#8267) contributing a new overlay unicodepw
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8267) contributing a new overlay unicodepw
- From: firstname.lastname@example.org
- Date: Sun, 25 Oct 2015 08:28:31 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Ingo Voss wrote:
> Am 17.10.2015 um 20:58 schrieb Howard Chu:
>> email@example.com wrote:
>>> Full_Name: Ingo Voss
>>> URL: ftp://ftp.openldap.org/incoming/contrib-slapd-modules-unicodepw.tar
>>> Submission from: (NULL) (220.127.116.11)
>>> I wrote a small overlay, that restricts all LDAP modification requests, so
>>> only password changes for MS unicodePwd are possible.
>>> All other LDAP requests will not be observed.
>>> If someone needs a read-only proxy (in a e.g. dmz) for an MS Active Directory,
>>> but password changes must be possible, then unicodepw is the right overlay.
>>> For more informations, a manual page is included.
>> If you want a read-only proxy, shouldn't this overlay also intercept and
>> deny all Add/Delete/ModDN requests?
> Yes, you are right! But such overlay (denyop) exist already and it is working
> The manual page for unicodepw refers to denyop and describes the complete
> configuration in detail.
This code is full of C++ comments. OpenLDAP uses C comments only.
This code is full of SPACEs for indentation. OpenLDAP uses TAB characters for
indentation, with 4-column tab stops.
Your debug messages are using STATS debug level. STATS is reserved for LDAP
operation/parameter logging only and is the default level. Code should be
silent at the default level unless major errors have occurred.
This code cannot be accepted in its current form.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/