[Date Prev][Date Next] [Chronological] [Thread] [Top]

password policy module

To: <openldap-devel@OpenLDAP.org>
Subject: password policy module
From: "Howard Chu" <hyc@highlandsun.com>
Date: Tue, 16 Mar 2004 01:36:32 -0800
Importance: Normal

I've committed our implementation of the LDAP Password Policy code, based on
draft-behera-ldap-password-policy-07, more or less. The draft still has a lot
of holes in it, and the code has a few as well, though it should at least
work without segfaulting.

I noticed the distinct need for a function "slap_add_control()" to add a
control to the list of response controls. Currently most code that touches
SlapReply->sr_ctrls assumes it is the only thing setting a control, so things
will break whenever multiple controls are applicable to a single response.
This should be a simple thing to fix.

There's also no convenient way for controls implemented outside of slapd to
assert their presence on an operation like the built-in controls do (e.g.,
op->o_noop). I think maybe a bitmap (op->o_ctrl_ids) would help here, with
each registered control getting its own bit. e.g. something like
	int register_supported_control( oid, mask, exops, parsefn, int *ID ) {
		...
	}

	parseFoo(<relevant args>) {
		...
		op->o_ctrl_ids[ID] = 1;
		...
	}

There are other issues more specific to the policy code itself, but they'll
have to wait until the spec gets hammered out a bit more.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: password policy module
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: back-monitor and dynamically generated entries...
Next by Date: Re: password policy module
Index(es):
- Chronological
- Thread