[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8267) contributing a new overlay unicodepw



Ingo Voss wrote:
>
>
> Am 17.10.2015 um 20:58 schrieb Howard Chu:
>> ingo.voss@gmail.com wrote:
>>> Full_Name: Ingo Voss
>>> Version:
>>> OS:
>>> URL: ftp://ftp.openldap.org/incoming/contrib-slapd-modules-unicodepw.tar
>>> Submission from: (NULL) (78.53.86.212)
>>>
>>>
>>> Hello,
>>>
>>> I wrote a small overlay, that restricts all LDAP modification requests, so
>>> that
>>> only password changes for MS unicodePwd are possible.
>>> All  other  LDAP requests will not be observed.
>>> If someone needs a read-only proxy (in a e.g. dmz) for an MS Active Directory,
>>> but password changes must be possible, then unicodepw is the right overlay.
>>> For more informations, a manual page is included.
>>
>> If you want a read-only proxy, shouldn't this overlay also intercept and
>> deny all Add/Delete/ModDN requests?
>>
>
> Yes, you are right! But such overlay (denyop) exist already and it is working
> well.
> The manual page for unicodepw refers to denyop and describes the complete
> configuration in detail.

OK.

This code is full of C++ comments. OpenLDAP uses C comments only.

This code is full of SPACEs for indentation. OpenLDAP uses TAB characters for 
indentation, with 4-column tab stops.

Your debug messages are using STATS debug level. STATS is reserved for LDAP 
operation/parameter logging only and is the default level. Code should be 
silent at the default level unless major errors have occurred.

This code cannot be accepted in its current form.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/