Hi, I'm trying to add the entryDN operational attribute, as it's present in OpenLDAP and we get it when setting up replication. This attribute is computed on the fly, and can be used in attribute value assertion (cf RFC 5020).
We have to ways to implement this AT : 1) In the OperationalAttributeInterceptor 2) In the backend Here are the operation we have to do : Add operation : in any case, we must remove the EntryDN attribute, if it's present, before we hit the backend Modify operation : same thing Rename operation : same thing Move operation : nothing to do Lookup operation : we have to add the entryDn, but only if the user has requested it (+, or explicitely). Search operation : for each entry, we have to add the EntryDn AT if requested(+, or explicitely). I think it's easier, considering those constraints, to do the work, in the backend. This may have some impact on the entry cache too. I will investigate a bit more on detail the two approach (I have played a bit with both approaches, but haven't set my mind yet. any thoughts ? -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
