At 04:32 AM 8/19/2005, Pierangelo Masarati wrote: >Kurt D. Zeilenga wrote: > >>At 01:19 AM 8/19/2005, Pierangelo Masarati wrote: >> >> >>>Pierangelo Masarati wrote: >>> >>> >>> >>>>Possible solution: we could define a "proxy-undefined" attribute type that >>>>is not dsaOperation, but noUserMod, and derive from that the undefined >>>>attributes resulting from proxying. >>>> >>>The cleanest solution is to import the schema from the remote server. >>> >> >>I don't know if I'd call this a clean solution. Dealing with >>incomplete schema descriptions, unsupported/unknown matching rules >>and the like would be quite messy and dirty. >> >>I rather just treat unknown stuff as some pass-through blob >>(blob here imply that we would never do any matching against >>the values (which may have impact in ACLs and elsewhere)). >> >That's what I intend as doing some repairs. The issue is that those >"repaired" attributes that end up in the "undef" category are marked >dsaOperation and as such don't get returned by the same search that would >return them on the remote server.
I have no problem with having a 'repaired' attribute type for use here (using the undefined attribute elsewhere). Likely the documentation should make some comment as to how authorization to read repaired attributes is handled.... Kurt >p. > > > SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
