
Re: NO-USER-MODIFICATION and USAGE dSAOperation in custom schema



Michael Ströder wrote:
HI!

Why is it not allowed to use

   NO-USER-MODIFICATION
   USAGE dSAOperation

in an attribute type declaration?

Because such an operational attribute requires server-side code to actually implement it, and you haven't got any means to provide that code. Custom operational attributes must be defined using code loaded in a module.

For OATH-LDAP I'd like to define a "virtual" attribute (actually to be
processed by back-sock listener) without having to write a slapd overlay.

attributetype ( oath-ldap-at:16
   NAME 'oathOTPValue'
   DESC 'OATH-LDAP: currently valid OTP value of a token'
   X-ORIGIN 'OATH-LDAP'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
   EQUALITY integerMatch
   SINGLE-VALUE
   NO-USER-MODIFICATION
   USAGE dSAOperation )

But slapd refuses to start:

5a00641b /home/michael/Proj/oath-ldap/oath-ldap.schema: line 241
(attributetype ( oath-ldap-at:16  NAME 'oathOTPValue'  DESC 'OATH-LDAP:
currently valid OTP value of a token or associated user entry (not
directly used)'  X-ORIGIN 'OATH-LDAP'  SYNTAX
1.3.6.1.4.1.1466.115.121.1.27  EQUALITY integerMatch  SINGLE-VALUE
NO-USER-MODIFICATION  USAGE dSAOperation ))
5a00641b /home/michael/Proj/oath-ldap/oath-ldap.schema: line 241
attributetype: "oath-ldap-at:16" is operational

Ciao, Michael.



--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
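
Added example, not part of the original message and not OpenLDAP or OATH-LDAP code: a Python pre-flight check that scans a slapd.conf-style schema file for attribute types declaring an operational USAGE, the case slapd rejects above with "is operational". The names `lint_schema`, `logical_lines`, `example-at:1` and `exampleNote` are made up for illustration, and comment/continuation handling is simplified.

```python
import re

OPERATIONAL = {"directoryoperation", "distributedoperation", "dsaoperation"}  # RFC 4512
TOKEN = re.compile(r"'[^']*'|[()]|[^\s()']+")  # quoted string, paren, bare word

def logical_lines(text):
    """Join continuation lines (leading whitespace) into [first_line_no, text]."""
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # simplified: blank and comment lines are just skipped
        if line[0].isspace() and out:
            out[-1][1] += " " + line.strip()
        else:
            out.append([no, line.strip()])
    return out

def lint_schema(text):
    """Return (line, oid, problem) for attribute types a schema file cannot define."""
    findings = []
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        if parts[0].lower() != "attributetype" or len(parts) < 2:
            continue
        toks = TOKEN.findall(parts[1])
        oid = toks[1] if len(toks) > 1 else "?"
        if toks.count("(") != toks.count(")"):
            findings.append((no, oid, "unbalanced parentheses"))
            continue
        words = [t.lower() for t in toks]  # keywords are case-insensitive
        usage = toks[words.index("usage") + 1] if "usage" in words[:-1] else "userApplications"
        if usage.lower() in OPERATIONAL:
            findings.append((no, oid, "operational USAGE " + usage))
        elif "no-user-modification" in words:
            # RFC 4512: NO-USER-MODIFICATION requires an operational usage
            findings.append((no, oid, "NO-USER-MODIFICATION without operational USAGE"))
    return findings

# Constructed sample: the definition from the post plus a made-up user attribute.
SAMPLE = """\
attributetype ( oath-ldap-at:16
   NAME 'oathOTPValue'
   DESC 'OATH-LDAP: currently valid OTP value of a token'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 EQUALITY integerMatch
   SINGLE-VALUE NO-USER-MODIFICATION
   USAGE dSAOperation )
attributetype ( example-at:1 NAME 'exampleNote'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""
print(lint_schema(SAMPLE))
```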