Hi guys!

I have just a formal question: why can't we call the SchemaService earlier? The stack is usually the following:
- normalizationService (N°1, plain normal)
- authenticationService (N°2, makes sense too)
- referralService
- authorizationService
- defaultAuthorizationService (difference from the previous service?)
- exceptionService (what is it used for?)
- operationalAttributeService
- schemaService <-- here we check that the entry is consistent
... (other services)

I wonder if we shouldn't call schemaService just after the authenticationService.

Why do I ask this question? Because while fixing some code in AuthorizationService, I found that we are doing some checks that are delegated to the schemaService. Typically, we are controlling the existence of an attributeType, and if not present, we check that this AT is not requested by the MUST attribute of a specific ObjectClass. This has two main drawbacks:
- we do the check twice (should not be a big deal though, because the test is pretty fast, but anyway)
- we are doing a wrong test: it's not enough to check that a specific OC (here, it's the AccessControlSubentry OC) is not in the OC list for this entry, because many other OC can contain this tested attribute

Ok, this is something very unlikely, but this can be seen as a potential failure.

Now, I'm not sure that if we put the schemaService higher, it won't break the whole server. So my question. If it's not possible, then I see no other solution than to fix the AuthorizationService code (TupleCache class) :)

Emmanuel
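
An added illustration of the second drawback described in the message (not part of the original post and not ApacheDS code): a check keyed on one object class accepts an entry that a check over every object class's MUST list rejects. The schema table, the `exampleAciHolder` class, the `prescriptiveACI` attribute name and the sample entry are constructed assumptions.

```python
# Constructed toy schema (not ApacheDS data): name -> (superior, MUST attributes).
SCHEMA = {
    "top": (None, {"objectClass"}),
    "subentry": ("top", {"cn", "subtreeSpecification"}),
    "accessControlSubentry": ("top", {"prescriptiveACI"}),
    # Hypothetical second class that also requires the same attribute.
    "exampleAciHolder": ("top", {"prescriptiveACI"}),
}


def required_attributes(object_classes):
    """Union of MUST attributes over every object class and its superiors."""
    required = set()
    for oc in object_classes:
        while oc is not None:
            superior, must = SCHEMA[oc]
            required |= must
            oc = superior
    # Attribute names are compared case-insensitively.
    return {a.lower() for a in required}


def narrow_check(entry, attribute, object_class="accessControlSubentry"):
    """The check described in the post: a missing attribute is rejected only
    when one specific object class is present in the entry."""
    present = {a.lower() for a in entry["attributes"]}
    if attribute.lower() in present:
        return True
    return object_class not in entry["objectClass"]


def full_check(entry):
    """Schema-level check: return the MUST attributes the entry lacks."""
    present = {a.lower() for a in entry["attributes"]}
    return sorted(required_attributes(entry["objectClass"]) - present)


# Constructed entry: lacks prescriptiveACI, does not use accessControlSubentry.
ENTRY = {
    "objectClass": ["top", "subentry", "exampleAciHolder"],
    "attributes": ["objectClass", "cn", "subtreeSpecification"],
}

if __name__ == "__main__":
    print("narrow check accepts:", narrow_check(ENTRY, "prescriptiveACI"))
    print("full check missing:  ", full_check(ENTRY))
```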
