Nathan Kinder wrote:
Ok. A setting like "nsslapd-syntaxlogging: on/off" or something like that then. I guess ideally we should have "standard" syslog style log levels (e.g. fatal, critical, error, warn, notice, etc.) but that would require a lot of code changes and work on the log subsystem.Nathan Kinder wrote:Thinking about this some more, it may be best to have two separate config settings.Rich Megginson wrote:Sure, I can merge those into a single config parameter. I just made them separate since there is already a CONFIG_ON_OFF type that deals with things such as mapping "0/1" to "on/off". Perhaps it would be good to add a new generic config type of CONFIG_ON_OFF_WARN that can take values of "0/1/2" or "on/off/warn".Nathan Kinder wrote:I've been working on the design document for adding syntax validation support to Fedora DS. Feedback would be appreciated.Looks good. I think it would be better for nsslapd-syntaxcheck to have different values - off, warn, error, on- or something like that - rather than have another config parameter nsslapd-syntaxwarnhttp://directory.fedoraproject.org/wiki/Syntax_Validation_Design Thanks, -NGKThe warning isn't really a warning, but instead a log message for the administrator. Sending a warning message to the client is going to be of limited value as the client may not display the diagnosticMessage text from the LDAPResult for a successful operation. I found that the message text was not displayed with ldapmodify (both mozldap and openldap) for a successful modify operation that should trigger a warning, even in verbose mode. A true warning displayed to the client would be nice, but I don't see a way of making it happen without client side changes.Having two separate config settings allows one to only log messages, to log messages and disallow illegal values, and to just disallow illegal values without filling up the logs. I guess we could also just log the syntax errors at a different log level instead of having a second config setting.
Do you have any thoughts on the non-standard syntaxes that are mentioned in the design doc? The "Binary" syntax would be difficult to remove since it is used by 20 or so attributes, including most of the certificate related attributes. These attributes now have their own specific syntaxes, so we would have to add support for them before getting rid of the "Binary" syntax. I think that the "SpaceInsensitiveString" and "URI" syntaxes can be removed since "URI" isn't used by any of the default schema and "SpaceInsensitiveString" was added specifically for the Presence plug-in.-NGK-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel-------------------------------------------------------------------------- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
