Emmanuel Dreyfus wrote:
Howard Chu<[EMAIL PROTECTED]> wrote:
I recall we had a few ideas last year, but they came up a bit late. Anyone
still have some wish list items for this year?
External command execution overlay: it would enable calling
fork()/execve() for a set of (operation, baseDN, pré-condition,
post-condition). execve argument would allow substitution for various
input: %{dn}, %{uid}, and so on.
For now this can be acheived by setting up an accesslog overlay on a
shell backend and having a program filtering the produced LDIF, but it
is rather suboptimal, and everyone has to reinvent the wheel for the
LDIF filtering.
Have you looked at using back-sock instead of back-shell?
re: reinventing the wheel - this is true regardless. In order to provide a
rich enough interface to be useful, you need to be able to pass a lot of
parameters to the script/process on the other side, and that is going to
require a significant chunk of parsing code. At least with LDIF, the format is
already well-defined. (Though I agree that it's a pretty miserable format...)
I'm not sure what a useful LDIF parsing library should look like. Perhaps one
that parsed it into a chain of LDAPMessages.
(Perhaps that should be an SoC project too.)
I use it to allocate UID and GID automatically when a user is created,
and to setup homes and quotas on machines that need it.
fork/exec in a threaded program is still a dicy proposition, which is one of
the reasons we haven't gone there yet. It's also a good reason to phase out
back-shell, and promote back-sock instead.
It would probably be a small enough job to put an overlay wrapper around
back-sock (just like the chain overlay is a wrapper around back-ldap) with
some filtering/selection keywords.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
