
Re: back-config, includes



Howard Chu wrote:

For multi-valued attributes, adding the extension "X-ORDERED 'VALUES'" means to maintain the numeric index for all of the values of the attribute. Regardless of the order in which values are stored in the underlying database, the values will be sorted by their index values before being returned to a client. Also, the numeric index may be used instead of/in addition to the value in modify ops. (And maybe filter assertions? Might be useful for valueReturn...) Otherwise, if the numeric index is absent from the assertion value, it is ignored in comparisons.

So if we have this entry

dn: olcDatabase={1}bdb,cn=config
olcDatabase: {1}bdb
objectClass: bdbConfig
olcSuffix: {0}dc=example,dc=com
olcSuffix: {1}o=example.com

We can perform these Modify operations:

dn: olcDatabase={1}bdb,cn=config
changetype: modify
delete: olcSuffix
olcSuffix: {0}
-
(Delete the first suffix, regardless of its value. All other values are bumped up one position.)


delete: olcSuffix
olcSuffix: dc=example,dc=com
-
(Delete the suffix that matches the value, regardless of its index)

delete: olcSuffix
olcSuffix: {0}dc=example,dc=com
-
(Both index and value must match...)

add: olcSuffix
olcSuffix: o=example.org
-
(Add the new value, appended to the end)

add: olcSuffix
olcSuffix: {0}o=example.org
-
(Add the new value as value #0. All other values are bumped down one position.)


The Suffix example is pretty trivial; ACL editing is where this really makes a difference between usability and sheer torture...


Just a note - this X-ORDERED 'VALUES' schema extension is now implemented in the slapd frontend, so it can be used by any backend, not just back-config. One thing to note is that values are renumbered after each modify sub-op, so if you do Adds and Deletes in the same request, and the Adds are done first, you may not get what you expected. e.g.

olcAccess: {0}to attr=userpassword by self write by * auth
olcAccess: {1}to attr=name by * read
olcAccess: {2}to dn.subtree="ou=foo,o=bar" by group="cn=foo admin,o=bar" write
olcAccess: {3}to attr=entry by dnattr=creatorsname write


add: olcAccess
olcAccess: {1}to attr=uid by * read
olcAccess: {1}to dn.exact="ou=baz,o=bar" by * read
-
delete: olcAccess
olcAccess: {2}
olcAccess: {1}
-

If the Adds are done first, then the Delete will simply remove the two values that were just Added. If the Deletes are done first, then the original {1} and {2} values will be removed.

Also, Adds are effectively renumbered upon each added value. So in this example, the values after the Adds complete will be

olcAccess: {0}to attr=userpassword by self write by * auth
olcAccess: {1}to dn.exact="ou=baz,o=bar" by * read
olcAccess: {2}to attr=uid by * read
olcAccess: {3}to attr=name by * read
olcAccess: {4}to dn.subtree="ou=foo,o=bar" by group="cn=foo admin,o=bar" write
olcAccess: {5}to attr=entry by dnattr=creatorsname write


--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support
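
The renumbering behaviour described in the message above, as an added example that is not part of the original post and is not slapd's code: a small Python model that applies the same Add and Delete sub-ops to the sample olcAccess values in both orders. The function names are hypothetical, and three things are assumptions: stored values are already in index order, delete indexes are resolved against the numbering at the start of the delete sub-op, and an add index past the end appends.

```python
import re
_IDX = re.compile(r"^\{(\d+)\}(.*)$", re.S)

def split(v):
    """Return (index or None, value) for '{n}value', '{n}' or 'value'."""
    m = _IDX.match(v)
    return (int(m.group(1)), m.group(2)) if m else (None, v)

def apply_add(values, new):
    # Each added value is inserted and the list renumbered before the next one.
    for raw in new:
        idx, val = split(raw)
        if idx is None or idx > len(values):  # assumption: out of range appends
            values.append(val)
        else:
            values.insert(idx, val)

def apply_delete(values, targets):
    # Assumption: indexes refer to the numbering at the start of this sub-op.
    doomed = set()
    for raw in targets:
        idx, val = split(raw)
        if idx is None:
            idx = values.index(val)  # value only: match regardless of index
        elif idx >= len(values) or (val and values[idx] != val):
            raise ValueError(f"no such value: {raw}")  # index and value must match
        doomed.add(idx)
    values[:] = [v for i, v in enumerate(values) if i not in doomed]

def modify(stored, subops):
    """Apply sub-ops in request order; renumber the result from {0}."""
    values = [split(v)[1] for v in stored]  # assumption: stored in index order
    for op, vals in subops:
        (apply_add if op == "add" else apply_delete)(values, vals)
    return [f"{{{i}}}{v}" for i, v in enumerate(values)]

# The olcAccess values and the two sub-ops from the message.
ACLS = [
    '{0}to attr=userpassword by self write by * auth',
    '{1}to attr=name by * read',
    '{2}to dn.subtree="ou=foo,o=bar" by group="cn=foo admin,o=bar" write',
    '{3}to attr=entry by dnattr=creatorsname write',
]
ADD = ("add", ['{1}to attr=uid by * read',
               '{1}to dn.exact="ou=baz,o=bar" by * read'])
DELETE = ("delete", ["{2}", "{1}"])

if __name__ == "__main__":
    for ops in ([ADD, DELETE], [DELETE, ADD]):
        print([o[0] for o in ops], *modify(ACLS, ops), sep="\n  ")
```

With the Adds first the request leaves the ACL list unchanged; with the Deletes first the attr=name and ou=foo rules are gone and the two new rules sit at {1} and {2}.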