One thing which seems to be missing from the current back-shell/back-sock interface (and back-perl too for that matter) is access to state associated with the request. The most important thing for me is the bind DN of the user making the request. For example, a particular user might only be authorised to see a subset of entries; it would be more efficient to implement this in back-sock (e.g. by generating an appropriately-constrained SQL query) rather than generate all possible search results, and have slapd then filter out the ones the user is not permitted to see.
Also useful I think would be the source IP address of the connection (e.g. for audit logging in the backend), plus an indication of whether TLS is in use, especially for bind requests. I was thinking of sending these as additional LDIF meta-attributes in each message: what do you think? e.g. binddn: ... peername: ... tls: ... I'm happy to do this additional work, although I'd like to know if back-sock is going to be committed first. Thanks, Brian.
