[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: commit: ldap/servers/slapd acl.c aclparse.c ad.c controls.c repl.c search.c sessionlog.c slap.h

>> -----Original Message-----
>> From: owner-openldap-devel@OpenLDAP.org
>> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Pierangelo
>> Masarati
>> > I was just thinking that we need this functionality, but
>> it's missing
>> > something - for an excluded objectclass, it should also be
>> excluded from
>> > modify operations, not just add. E.g., if someone does a
>> modify to add
>> > an excluded objectclass to an entry, that modification
>> should be dropped
>> > from the replog.
>> I think I'm overlooking the potential for its semantics;
>> I think there can be many applications.  I'll consider
>> you suggestion.
> Well, since the objectClasses were already excluded for Adds, I took the
> absence of this behavior in Modifies as a bug (ITS#2889). It took a few
> iterations to get this down to a reasonable shape. I also confused
> myself a few times in the Boolean algebra for an_oc_exclude but I'm
> pretty sure it's right now. I have this backported to RE21 as well,
> ready to go (if OK to commit).
> For objectClasses a, b, c, and d, my test cases are:
> 	attrs=a,b,c    propagates    a,b,c
> 	attrs=a,!b,c                 a,c,d
> 	attrs=a,!b,!c                a,d
> 	attrs=!a,!b,!c               d
> 	attrs!=a,b,c                 d
>        attrs!=a,!b,c                b
> 	attrs!=a,!b,!c               b,c
> 	attrs!=!a,!b,!c              a,b,c

I'm not going to recheck this, I trust you :)
The usage I was mainly concerned with, for the exclude bit,
was disjoint from without it; the case I mostly found it
useful was in using replog to replicate on another DSA
based on Lotus Notes, which required to eliminte some
objectClasses that were not relevant and required schema
modification.  Anyway I agree that your "maquillage" makes
it work reasonably and in a straightforward manner
general cases, which is a Good Thing.

Pierangelo Masarati