[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enhancement: again on Netscape style changelog (ITS#4656)



ando@sys-net.it wrote:
> hyc@symas.com wrote:
>   
>> To Ando as well - be very careful with this. As noted in my accesslog 
>> draft, the changelog spec has some major security weaknesses, along with 
>> the rest of its shortcomings.
>>   
>>     
> I think I'm aware of all those issues.  One major point for spending 
> some time on this issue is that I happen to need supporting few clients 
> that want to use this feature.  I'll do my best to persuade the 
> implementors of those clients that supporting content synchronization 
> and/or accesslog as currently implemented in OpenLDAP is way much 
> better, but unfortunately I have no control on that, and it's very 
> unlikely that they will, based on the usual refrain "changelog is the de 
> facto standard" or things like that.
>   
I agree that implementing that spec means contributing to keeping it 
into life, but the point is that I have to face with closed source 
products which claim to support it and explicitly state in their 
documentation that they "can interoperate with: Netscape/iPlanet/Sun 
ONE; Active Directory; Lotus Domino; Exchange, while interoperability 
with OpenLDAP is not possible because it cannot store changes into the 
changelog", which we know it's not only incorrect, but also false: 
OpenLDAP provides better native (although coded into an open 
specification: RFC4533) means to synchronize than simply storing changes 
into a changelog.  Moreover, it provides native (although coded into an 
open specification: draft-chu-ldap-logschema) means to inform clients 
about modifications.  But many client implementors seem to willingly 
ignore this, so I need to keep supporting obsoleted de facto standard 
stuff, which, by the way, doesn't even agree with the contents of 
preliminary attempts to specify them in an open manner (see 
Netscape/iPlanet/Sun ONE, now Fedora DS "retroplugin" as opposed to 
draft-good-ldap-changelog)!

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------