Some more comments on a sub-set of the attributes. Quanah Gibson-Mount wrote: > olcReferral -- case ignore match?
It's already declared SUP labeledURI and therefore has caseExactMatch. This makes sense because it could specify an LDAPI URL with case-sensitive socket path name. > olcRootPw -- case exact match? Any EQUALITY matching rule needed at all? If yes, use EQUALITY octetStringMatch as with userPassword. > olcTCPBuffer -- case ignore match? Also might contain listener URL. So maybe same like olcReferral even though an LDAPI URI does not make sense with TCP buffers? > olcTLSCipherSuite -- case ignore match? I don't have a strong opinion on that because I don't have an oversight how the supported crypto libs treat this strings. > olcTLSSECName -- case ignore match? ??? Cannot find this in 2.4 schema. Is that new in 2.5? > olcTLSProtocolMin -- case ignore match? > > ---------------- BACKENDS ----------------------- > --- back-asyncmeta > olcDbURI -- case ignore match? Same like olcReferral. > olcDbURI -- case ignore match? Same like olcReferral for back-ldap and back-meta. > --- back-sql > olcDbHost -- case ignore match? This could also contain a Unix domain socket? If yes, caseExactMatch. > olcDbName -- case ignore match? Hmm, I'm not sure. Also not sure about all the attrs containing SQL statements. > --- dds.c > olcDDSmaxTtl -- case ignore match? > olcDDSminTtl -- case ignore match? > olcDDSdefaultTtl -- case ignore match? > olcDDSinterval -- case ignore match? > olcDDStolerance -- case ignore match? Why are the TTL attributes strings at all? I see no reason why there are not defined as Integer syntax. > --- memberof.c > olcMemberOfDangling -- case ignore match? This serves as a good example for an enum type. I'd argue that it should be limited to this particular set of lower-cased values. > olcMemberOfGroupOC -- case ignore match? > olcMemberOfMemberAD -- case ignore match? > olcMemberOfMemberOfAD -- case ignore match? AFAICS these always reference a single object class or attribute type. So why not declare them with syntax OID? Same suggestion for similar attributes of other overlays. > olcMemberOfDanglingError -- case ignore match? Is this just the LDAP error code? If yes, define it as Integer. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature