[Date Prev][Date Next] [Chronological] [Thread] [Top]

Rewrite of operational attrs (Was: (ITS#4211) back-relay goes into infinte loop, causing segfault)

This is OT for the ITS#4211 bug, but read below.

> ldap-dev0:/var/tmp/replica# cat slurpd.replog
> replica: ldap-dev3.stanford.edu:389
> replica: ldap-dev2.stanford.edu:389
> replica: ldap-dev1.stanford.edu:389
> time: 1132855201
> dn: cn=replica-config
> changetype: modify
> replace: olcIdleTimeout
> olcIdleTimeout: 15
> -
> replace: entryCSN
> entryCSN: 20051124180001Z#000000#00#000000
> -
> replace: modifiersName
> modifiersName: cn=updater,cn=replica-config
> -
> replace: modifyTimestamp
> modifyTimestamp: 20051124180001Z
> -

BTW, slapo-rwm should be smart enough to avoid rewriting the modifiersName
(or at least to provide the possibility to switch it off) to preserve the
signature of who did that operation.  Remapping can be altready excluded
by not configuring it for selected attrs, but DN rewriting occurs also for
operational attrs if slapo-rwm is configured on a shgadow database.  For
example, if one modifies a datum accessing the system thru a virtual name,
IMHO a trace of the virtual name should be preserved, although that name
had to be rewritten into the real one to have a successful bind within tht
naming context.

Maybe we should add a

        rwm-dn-norewrite <attr[list>

so that

        rwm-dn-norewrite creatorsName,modifiersName

can be used to disbale rewriting of selected attrs.


Pierangelo Masarati

Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it