[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: commit: ldap/servers/slapd acl.c aclparse.c ad.c controls.c repl.c search.c sessionlog.c slap.h
> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Pierangelo Masarati
> > I was just thinking that we need this functionality, but
> it's missing
> > something - for an excluded objectclass, it should also be
> excluded from
> > modify operations, not just add. E.g., if someone does a
> modify to add
> > an excluded objectclass to an entry, that modification
> should be dropped
> > from the replog.
>
> I think I'm overlooking the potential for its semantics;
> I think there can be many applications. I'll consider
> you suggestion.
Well, since the objectClasses were already excluded for Adds, I took the
absence of this behavior in Modifies as a bug (ITS#2889). It took a few
iterations to get this down to a reasonable shape. I also confused myself a
few times in the Boolean algebra for an_oc_exclude but I'm pretty sure it's
right now. I have this backported to RE21 as well, ready to go (if OK to
commit).
For objectClasses a, b, c, and d, my test cases are:
attrs=a,b,c propagates a,b,c
attrs=a,!b,c a,c,d
attrs=a,!b,!c a,d
attrs=!a,!b,!c d
attrs!=a,b,c d
attrs!=a,!b,c b
attrs!=a,!b,!c b,c
attrs!=!a,!b,!c a,b,c
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support