[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ITS#8286 pending questions

To: Quanah Gibson-Mount <quanah@symas.com>, openldap-devel@openldap.org
Subject: Re: ITS#8286 pending questions
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 30 May 2018 10:40:09 +0200
Autocrypt: addr=michael@stroeder.com; prefer-encrypt=mutual; keydata= xsBNBFbdnRoBCADj0vYA4aRwKJ6AE4mf8oElLgMT/1eLNKpJ2FYBWcwj9d8dTk5/p9b8DRxy S/qQIUUZqt9xRFZwUCm0vFeQMRDeN9xzAKoRzrJifoDOacOjG1lhZTKYvVZGgUT89Ao3QeHh Q7gPzcAKNoueoR2y3FXStOYuRrbk5PlSjVAITjsotgc7PWE9mmVYpeu8a+byK/DBHKUyolOA 1UXYvDa7MbPhMtdNm8qnwtKs1Vsyk1VkErM+5cIe+zTT6WYQcmZMRjCtWGiFTzk9W6Mdlskk WRTKhKNgokTsgcy1ecaCBUZWxv/SyXgD81+rwRi9b8Px+1reg43ayxi8sV7jrI1feybbABEB AAHNJ01pY2hhZWwgU3Ryw7ZkZXIgPG1pY2hhZWxAc3Ryb2VkZXIuY29tPsLAdwQTAQgAIQUC Vt2dGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAH3HrjaovJOFpTCACjO773gcmJ KvzjiNpUFl/gANyaJgIq4VbMQ7VthRb1F9X6YbdJ6Z99ntyESjGFCpjofcSomr2vJDpv6ht+ lY33yo20YwsMpqe2OeId0jPybG+FtabKjgBNoAk7iqnBGUvE4t0dz0n1LQVCQR2jxyTKmcNq OYpsRZ3H+6kWwJMuVgsNZglINVZ8JgV5QuLYN5jhYz+pOuFnU11bV6nWREvzZXzebe7g7Zus 6AsWjtJ0lDvgBNzLlF3/eFrVch6Bejs0SvuFseIdZQk+4YU6Rb8xul/jDFXIfo7eTmijO3dV T5AmC1cUi8czncwpgAJnEH8vYv23RoN/aw2gSMCS2huIzsBNBFbdnRoBCAC7L1cTVBVZZuM/ yxSUM5CsgGBlTD1Cr7C2ngZFsHSYXVLq6NUB8GZA2iLK96CrwnFw4/Jjz4llOjc50iVRMQKL RyFWOJAMrpPq2ew5T+Uoo524D//dwVbqkFVVuvM8NPiKIDyPGCjP+acM1D8hXwhOXgQ8Iz8Q 3/GRSYjitn9JrkF0ia2nhariznBKVu0LDffxF/hOCx45+QRR2/rYYlshfZMB7nEJX9P+hVfM CSzltz9Z8CldeUbiJvnyrISReR2XBw9oh8JkIUP0BtpIaify9A7EfzOk+W9BUnWe+YwdSUsB fJxOhSv+umyW5GMqZGFu+4oYnkzbe+1LUs1JarCtABEBAAHCwF8EGAEIAAkFAlbdnRoCGwwA CgkQB9x642qLyTjEUgf+JX6Atatl/QKe37yCj1OZYNPd3B0rPLJRF5mEmrADRXLZC9+uFeDS Wxxln040gnR6rjBHrRcvVmlTDiZY26iuL16+V+0/aZ9uyXNQSzk2cwDSiI/8gvr72Y+FN5fh cGXpeNHxHilYc9onzDhxyE76cwzqTKm4q2ULIH2u9IHQ5O86Fv6nHPYhe2fy1bhQapNwi/Xl 3G3i2WNH/w7m+1zWU1IddZOjmXzoxLT1BATwXGa0Tt5RjVb2mM1Wg3Zj6kqFkF2vvKcvrwj0 q0Ap5uyfN5m0uWzQMCMoaV9HQf7f5MkS1lnwBqDgnojjVAieX5uk7olUiRuPKHMfhvXulYP8 AA==
In-reply-to: <5059E5BBD9A15C0BCFFDCEA9@[192.168.1.10]>
Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
References: <5059E5BBD9A15C0BCFFDCEA9@[192.168.1.10]>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 SeaMonkey/2.49.3

Some more comments on a sub-set of the attributes.

Quanah Gibson-Mount wrote:
> olcReferral -- case ignore match?

It's already declared SUP labeledURI and therefore has caseExactMatch.
This makes sense because it could specify an LDAPI URL with
case-sensitive socket path name.

> olcRootPw -- case exact match?

Any EQUALITY matching rule needed at all?
If yes, use EQUALITY octetStringMatch as with userPassword.

> olcTCPBuffer -- case ignore match?

Also might contain listener URL. So maybe same like olcReferral even
though an LDAPI URI does not make sense with TCP buffers?

> olcTLSCipherSuite -- case ignore match?

I don't have a strong opinion on that because I don't have an oversight
how the supported crypto libs treat this strings.

> olcTLSSECName -- case ignore match?

??? Cannot find this in 2.4 schema. Is that new in 2.5?

> olcTLSProtocolMin -- case ignore match?
> 
> ---------------- BACKENDS -----------------------
> --- back-asyncmeta
> olcDbURI -- case ignore match?

Same like olcReferral.

> olcDbURI -- case ignore match?

Same like olcReferral for back-ldap and back-meta.

> --- back-sql
> olcDbHost -- case ignore match?

This could also contain a Unix domain socket?
If yes, caseExactMatch.

> olcDbName -- case ignore match?

Hmm, I'm not sure. Also not sure about all the attrs containing SQL
statements.

> --- dds.c
> olcDDSmaxTtl -- case ignore match?
> olcDDSminTtl -- case ignore match?
> olcDDSdefaultTtl -- case ignore match?
> olcDDSinterval -- case ignore match?
> olcDDStolerance -- case ignore match?

Why are the TTL attributes strings at all? I see no reason why there are
not defined as Integer syntax.

> --- memberof.c
> olcMemberOfDangling -- case ignore match?

This serves as a good example for an enum type. I'd argue that it should
be limited to this particular set of lower-cased values.

> olcMemberOfGroupOC -- case ignore match?
> olcMemberOfMemberAD -- case ignore match?
> olcMemberOfMemberOfAD -- case ignore match?

AFAICS these always reference a single object class or attribute type.
So why not declare them with syntax OID?
Same suggestion for similar attributes of other overlays.

> olcMemberOfDanglingError -- case ignore match?

Is this just the LDAP error code?
If yes, define it as Integer.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: ITS#8286 pending questions
  - From: Quanah Gibson-Mount <quanah@symas.com>

References:
- ITS#8286 pending questions
  - From: Quanah Gibson-Mount <quanah@symas.com>

Prev by Date: Re: ITS#8286 pending questions
Next by Date: Re: ITS#8286 pending questions
Index(es):
- Chronological
- Thread