On Fri, Dec 7, 2012 at 6:20 AM, Emmanuel Lécharny <[email protected]>wrote:
> Hi, > > I'm trying to add the entryDN operational attribute, as it's present in > OpenLDAP and we get it when setting up replication. This attribute is > computed on the fly, and can be used in attribute value assertion (cf > RFC 5020). > > We have to ways to implement this AT : > 1) In the OperationalAttributeInterceptor > 2) In the backend > > Here are the operation we have to do : > > Add operation : in any case, we must remove the EntryDN attribute, if > it's present, before we hit the backend > Modify operation : same thing > Rename operation : same thing > Move operation : nothing to do > Lookup operation : we have to add the entryDn, but only if the user has > requested it (+, or explicitely). > Search operation : for each entry, we have to add the EntryDn AT if > requested(+, or explicitely). > > I think it's easier, considering those constraints, to do the work, in > the backend. This may have some impact on the entry cache too. > > I will investigate a bit more on detail the two approach (I have played > a bit with both approaches, but haven't set my mind yet. > > any thoughts ? > > I prefer the first approach clubbed with modifying the BaseEntryFilteringCursor to inject entryDN attribute when requested > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com > > -- Kiran Ayyagari http://keydap.com
