[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: denyop

To: <ando@sys-net.it>
Subject: RE: denyop
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 6 May 2004 00:21:16 -0700
Cc: <Kurt@OpenLDAP.org>, <openldap-devel@OpenLDAP.org>
Importance: Normal
In-reply-to: <63766.81.72.89.40.1083827488.squirrel@webmail.sys-net.it>

> -----Original Message-----
> From: Pierangelo Masarati [mailto:ando@sys-net.it]

> > I suppose we could define a separate flag for
> SLAP_RESTRICT_OP_WRITE and
> > include it in SLAP_RESTRICT_OP_WRITES. At the moment I'm not too
> > concerned about it. However, we have a hole in here at the moment
> > because
> > SLAP_RESTRICT_OP_WRITES doesn't catch EXOP_MODIFY_PASSWD
> and probably
> > should.
>
> That's mostly the solution I was about to move towards,
> to allow readOnly to be enabled/disabled leaving the
> previous granular restrictions unchanged.  I'd also
> like to centralize (at the frontend) an exop structure
> that avoids the duplications we're having of static OID
> bervals plus flags, function pointes and so.  At the same
> time, I'd like to add a "does write" flag to those exops
> that require it, so that they can be captured by readOnly.

Sounds good.

If any other Writing exops come along, and their changes can't easily be
mapped into existing Add/Modify ops, we're going to need a way to represent
them in a log/LDIF (replog or auditlog)...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- RE: denyop (Was: commit: ldap/servers/slapd/back-monitor back-monitor.h database.c init.c proto-back-monitor.h)
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: RE: denyop (Was: commit: ldap/servers/slapd/back-monitor back-monitor.h database.c init.c proto-back-monitor.h)
Next by Date: slapacl
Index(es):
- Chronological
- Thread