[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: new module overlay modtrigger
- To: "Howard Chu" <hyc@symas.com>
- Subject: Re: new module overlay modtrigger
- From: "Maarten Vanraes" <maarten.vanraes@gmail.com>
- Date: Fri, 22 Feb 2013 13:03:49 +0100
- Cc: Maarten Vanraes <maarten.vanraes@gmail.com>, openldap-technical@openldap.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:in-reply-to:references:date:subject:from:to :cc:user-agent:mime-version:content-type:content-transfer-encoding; bh=x2no6DaERSZOmF9P78wVvIeMcZlvdU3FGnCal1I2rV0=; b=eVcLnp0dQONf1mlELZkKO+QrrV8AIQ3QG8MBMeAk7e2jYMtr9UKXhJK0LnznGw23RH ywhQrvot4VDUEQmf2VVl99CRTYpHq1s69at3N70Mm45LbKuFfYh17XUJJ4wI4eT1bWdB DtoKPu3/GLP+/HjAVfBDKVayYCtlKcvL8XQtlGr+k9kc6DS8ANr1JM7X+i2MqWYFhEE2 PhY3b0GpcFCpNvFd6fEDegHbPv6/wW+Ijok6ft/F0RhobkvRYTU2oYA1U8byRipp2o7w lRu6ILsa8Hd72WWiCjoid01xVPN4NOiDOGWXWsC4NgSfK8LJF9OiOH+k9HwyhkFwxF0n JTAQ==
- In-reply-to: <51275C5B.9070303@symas.com>
- References: <0db9a0c933c4a095a295353b247e6285.squirrel@mail.rmail.be> <51275C5B.9070303@symas.com>
- User-agent: SquirrelMail/1.4.22
> Maarten Vanraes wrote:
>> Hey,
>>
>> a few years back i wrote an overlay module "modtrigger", that executes a
>> script on modifications.
>
> The preferred approach these days is to use slapo-sock.
>
> fork/exec is still risky on some threading implementations. This is also
> why
> back-shell is not recommended for general use.
>
>> Some of the comments i got was that it should really require to work
>> with
>> the new config structure.
>>
>> Finally i've done that, but i'm sure it could be improved.
>>
>> So, i'm kind of asking if someone can review it and give some pointers
>> to
>> improve.
>>
>> and next if it's possible to include in the openldap distribution, in
>> the
>> overlay section or contrib section.
>
> Thanks for the effort but I don't believe it would be a good idea to
> include
> this code for the above reasons.
ugh, great...
otoh, if back-shell is not recommended, then modtrigger could be there
anyway. if the system is properly shielded and limited (eg: cgroups), then
the sysadmin could actually use this, no?