Re: PATCH: back-sock

One thing which seems to be missing from the current back-shell/back-sock
interface (and back-perl too for that matter) is access to state associated
with the request. The most important thing for me is the bind DN of the user
making the request. For example, a particular user might only be authorised
to see a subset of entries; it would be more efficient to implement this in
back-sock (e.g. by generating an appropriately-constrained SQL query) rather
than generate all possible search results, and have slapd then filter out
the ones the user is not permitted to see.

Also useful I think would be the source IP address of the connection (e.g.
for audit logging in the backend), plus an indication of whether TLS is in
use, especially for bind requests.

I was thinking of sending these as additional LDIF meta-attributes in each
message: what do you think? e.g.

binddn: ...
peername: ...
tls: ...

I'm happy to do this additional work, although I'd like to know if back-sock
is going to be committed first.
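
A sketch of how a backend could consume the meta-attributes proposed above, added here as an illustration and not part of the original message or of back-sock itself. The request layout (a verb line followed by "key: value" lines and a blank line), the SQLite schema and all sample values are assumptions.

```python
import sqlite3

# Constructed request. The verb-then-"key: value" layout is an assumption;
# binddn/peername/tls are the meta-attributes proposed in the post.
SAMPLE_REQUEST = """SEARCH
msgid: 2
base: dc=example,dc=com
binddn: uid=alice,ou=people,dc=example,dc=com
peername: IP=192.0.2.10:51234
tls: 1

"""

def parse_request(text):
    """Return (verb, fields) from one request; parsing stops at the blank line."""
    lines = text.splitlines()
    if not lines:
        raise ValueError("empty request")
    fields = {}
    for line in lines[1:]:
        if not line.strip():
            break
        key, sep, value = line.partition(":")  # split on the first colon only
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        fields[key.strip().lower()] = value.strip()
    return lines[0].strip().upper(), fields

def make_db():
    """Hypothetical schema: each entry names the single DN allowed to read it."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entries (dn TEXT, reader_dn TEXT)")
    db.executemany("INSERT INTO entries VALUES (?, ?)", [
        ("cn=payroll-a,dc=example,dc=com", "uid=alice,ou=people,dc=example,dc=com"),
        ("cn=payroll-b,dc=example,dc=com", "uid=bob,ou=people,dc=example,dc=com"),
    ])
    return db

def visible_entries(db, fields):
    """Constrain the query by bind DN (exact match; real DNs need normalising)."""
    binddn = fields.get("binddn", "")
    if not binddn:  # anonymous bind: nothing is visible in this sketch
        return []
    rows = db.execute("SELECT dn FROM entries WHERE reader_dn = ? ORDER BY dn", (binddn,))
    return [r[0] for r in rows]

def audit_record(verb, fields):
    """One audit line carrying the connection state taken from the request."""
    return f"op={verb} binddn={fields.get('binddn', '')!r} peer={fields.get('peername', '?')} tls={fields.get('tls', '0')}"
```

The bind DN is passed to the query as a bound parameter, so a DN containing quote characters cannot alter the SQL.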