[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: 2.4.6 prov/con, delta-syncrepl and auditContext

To: Michael Ströder <michael@stroeder.com>
Subject: Re: 2.4.6 prov/con, delta-syncrepl and auditContext
From: Howard Chu <hyc@symas.com>
Date: Thu, 06 Dec 2007 08:15:17 -0800
Cc: Pierangelo Masarati <ando@sys-net.it>, openldap-software@openldap.org
In-reply-to: <47581667.9000700@stroeder.com>
References: <34259.212.159.59.85.1196787771.squirrel@webmail.suretecsystems.com> <778F1C75C8783F678EF35137@deus-ex.zimbra.com> <475590F1.2030501@sys-net.it> <47581667.9000700@stroeder.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9b2pre) Gecko/2007111122 SeaMonkey/2.0a1pre

Michael Ströder wrote:

Pierangelo Masarati wrote:

So, the only reason to have slapo-accesslog(5) built and loaded **BUT
NOT INSTANTIATED** on the __consumer__ (doesn't sound such strikingly
resource intensive a requirement) is to have this attribute defined in
the schema.  If this sounds so unreasonable, please suggest (and code) a
better strategy.


My feeling always was that hard-coding the schema elements into slapd
and/or the overlays was the wrong approach.

In many cases it is the only possible approach. Especially for operational attributes that may have particular semantics or side-effects, relying on an external schema definition that may go out of sync is error-prone and downright dangerous.

I would have rather required the inclusion of particular schema files in
slapd or loaded overlays by showing a error message about a missing
schema element during start-up. So one would not have to enable a
somewhat active component (even without explicitly instantiating it).

There is no such requirement. Especially in a situation like this, you can simply extract the schema definition from the provider and manually load it into the consumer.

Rather one would have to simply define the static schema element (by
including appropriate schema file or schema entries in case of
back-config being deployed).

Personally I think that's clumsy; whenever you have to touch more than 2 places in a configuration to activate a single feature, something is broken in the design. But if you like manually loading schema elements, there's nothing stopping you from doing so.

 I'm open to everything (including zapping auditContext
at all, unless anyone out there finds it useful and is actively using it).


web2ldap has a special plug-in class for this particular attribute. It
displays a short-cut link for listing the audit trail of a particular
entry by searching the access log database (reqDN=<entryDN>).


--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

Follow-Ups:
- Re: 2.4.6 prov/con, delta-syncrepl and auditContext
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- Re: 2.4.6 prov/con, delta-syncrepl and auditContext
  - From: "Gavin Henry" <ghenry@suretecsystems.com>
- Re: 2.4.6 prov/con, delta-syncrepl and auditContext
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: 2.4.6 prov/con, delta-syncrepl and auditContext
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: 2.4.6 prov/con, delta-syncrepl and auditContext
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: RE: syncrepl - ldap_start_tls failed (-11)
Next by Date: Re: Active/Active servers
Index(es):
- Chronological
- Thread