[Date Prev][Date Next]
Re: Test operations
I have the feeling it would be better to define a Test control that can
be added to any operation. Since the LDAP protocol is extensible,
defining things this way would mean you don't have to keep rewriting the
Test specification every time something else in LDAP is extended. Also,
since OpenLDAP (and other directory servers) provides ACL controls down
to individual values of an attribute, the only way for a Test operation
to be totally reliable is for it to exactly duplicate an actual LDAP
But I think the NoOp control can already satisfy this purpose.
Sébastien Bahloul wrote:
One month ago, I asked the list about integrating a new ACL model
(AACLs), which is currently in test phase, as an overlay.
Now I'm looking to write an extended operation based on the standard,
ACI or AACLs access model to allow operations testing.
The first point is about the need of such extended operation : what's
your feeling about that ? Mine is that it could be very interesting
because of the security model which is already defined in the LDAP
directory and could be reuse to avoid a specification of a different
model in the applications. So administrators would have to maintain
only one model which could be shared between severeals applications.
(The need of a different model between the directory and the
application could be satisfied by introducing a back-ldap instance
between them with a different security model)
Second point is about the implementation. I think the operation needs
three parameters :
- the operation (authentication, compare, search, read, modify, modify
RDN, add, delete)
- the entry DN (in creation, the first thing is to get the entry's
- a list of attributes or null (or the "entry" keyword)
And it have to return one boolean parameter (is the access allowed or
not ? for the write access on severels attributes, access would be
allowed, if and only if all attributes could be written)
Third point : does this operation need to precised as a draft ?
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support