You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Torsten Rehn (JIRA)" <ji...@apache.org> on 2009/08/31 11:03:33 UTC

[jira] Created: (DIRSTUDIO-528) Handle schema extension used for OpenLDAP attribute ordering

Handle schema extension used for OpenLDAP attribute ordering
------------------------------------------------------------

                 Key: DIRSTUDIO-528
                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-528
             Project: Directory Studio
          Issue Type: Improvement
          Components: studio-ldapbrowser
    Affects Versions: 1.4.0
            Reporter: Torsten Rehn


>From the OpenLDAP docs:

"Since the ordering of olcAccess directives is essential to their proper evaluation, but LDAP attributes normally do not preserve the ordering of their values, OpenLDAP uses a custom schema extension to maintain a fixed ordering of these values. This ordering is maintained by prepending a "{X}" numeric index to each value [...]"

I don't know if ADStudio intends to support this, but if it does: it's a mess right now. Editing and reordering those attributes is almost impossible. This is really needed when editing access rules set via olcAccess in cn=config. Are there any plans for handling those attributes better? The current situation makes me want to go back to slapd.conf.

My guess is that this would require some special editor that reads all values of the attribute being edited, strips the curly braced indexes and uses "changetype: replace" to modify the entire attribute instead of a single value.

I understand that OpenLDAP is probably not your main concern, but it would be nice.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: [jira] Created: (DIRSTUDIO-528) Handle schema extension used for OpenLDAP attribute ordering

Posted by Howard Chu <hy...@symas.com>.
Torsten Rehn (JIRA) wrote:
> Handle schema extension used for OpenLDAP attribute ordering
> ------------------------------------------------------------
>
>                   Key: DIRSTUDIO-528
>                   URL: https://issues.apache.org/jira/browse/DIRSTUDIO-528
>               Project: Directory Studio
>            Issue Type: Improvement
>            Components: studio-ldapbrowser
>      Affects Versions: 1.4.0
>              Reporter: Torsten Rehn
>
>
>> From the OpenLDAP docs:
>
> "Since the ordering of olcAccess directives is essential to their proper
evaluation, but LDAP attributes normally do not preserve the ordering of their
values, OpenLDAP uses a custom schema extension to maintain a fixed ordering
of these values. This ordering is maintained by prepending a "{X}" numeric
index to each value [...]"

The format is fully documented in this draft:

http://highlandsun.com/hyc/drafts/draft-chu-ldap-xordered-xx.html

I suppose at some point I should repost it to be published as an Informational 
RFC...

> I don't know if ADStudio intends to support this, but if it does: it's a
mess right now. Editing and reordering those attributes is almost impossible.
This is really needed when editing access rules set via olcAccess in
cn=config. Are there any plans for handling those attributes better? The
current situation makes me want to go back to slapd.conf.
>
> My guess is that this would require some special editor that reads all
values of the attribute being edited, strips the curly braced indexes and uses
"changetype: replace" to modify the entire attribute instead of a single value.
>
> I understand that OpenLDAP is probably not your main concern, but it would
be nice.

Unfortunately the current behavior in OpenLDAP is so far from standard it can 
be a pain to implement in a schema-aware system. There were some issues with 
it that stopped the original draft from moving forward as a Standards Track 
document. But since we'd already implemented it I didn't have the motivation 
to fix the nits... Might be worth revisiting this on the ietf-ldapext mailing 
list.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

[jira] Commented: (DIRSTUDIO-528) Handle schema extension used for OpenLDAP attribute ordering

Posted by "Aleksander Adamowski (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DIRSTUDIO-528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12772548#action_12772548 ] 

Aleksander Adamowski commented on DIRSTUDIO-528:
------------------------------------------------

Opened a JIRA issue covering reordering support in LDAP browser/editor: DIRSTUDIO-579

> Handle schema extension used for OpenLDAP attribute ordering
> ------------------------------------------------------------
>
>                 Key: DIRSTUDIO-528
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-528
>             Project: Directory Studio
>          Issue Type: Improvement
>          Components: studio-ldapbrowser
>    Affects Versions: 1.4.0
>            Reporter: Torsten Rehn
>
> From the OpenLDAP docs:
> "Since the ordering of olcAccess directives is essential to their proper evaluation, but LDAP attributes normally do not preserve the ordering of their values, OpenLDAP uses a custom schema extension to maintain a fixed ordering of these values. This ordering is maintained by prepending a "{X}" numeric index to each value [...]"
> I don't know if ADStudio intends to support this, but if it does: it's a mess right now. Editing and reordering those attributes is almost impossible. This is really needed when editing access rules set via olcAccess in cn=config. Are there any plans for handling those attributes better? The current situation makes me want to go back to slapd.conf.
> My guess is that this would require some special editor that reads all values of the attribute being edited, strips the curly braced indexes and uses "changetype: replace" to modify the entire attribute instead of a single value.
> I understand that OpenLDAP is probably not your main concern, but it would be nice.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DIRSTUDIO-528) Handle schema extension used for OpenLDAP attribute ordering

Posted by "Stefan Seelmann (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DIRSTUDIO-528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12749444#action_12749444 ] 

Stefan Seelmann commented on DIRSTUDIO-528:
-------------------------------------------

Added reply of Howard Chu to the mailing list:

The format is fully documented in this draft:

http://highlandsun.com/hyc/drafts/draft-chu-ldap-xordered-xx.html

I suppose at some point I should repost it to be published as an Informational RFC... 

Unfortunately the current behavior in OpenLDAP is so far from standard it can be a pain to implement in a schema-aware system. There were some issues with it that stopped the original draft from moving forward as a Standards Track document. But since we'd already implemented it I didn't have the motivation to fix the nits... Might be worth revisiting this on the ietf-ldapext mailing list. 


> Handle schema extension used for OpenLDAP attribute ordering
> ------------------------------------------------------------
>
>                 Key: DIRSTUDIO-528
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-528
>             Project: Directory Studio
>          Issue Type: Improvement
>          Components: studio-ldapbrowser
>    Affects Versions: 1.4.0
>            Reporter: Torsten Rehn
>
> From the OpenLDAP docs:
> "Since the ordering of olcAccess directives is essential to their proper evaluation, but LDAP attributes normally do not preserve the ordering of their values, OpenLDAP uses a custom schema extension to maintain a fixed ordering of these values. This ordering is maintained by prepending a "{X}" numeric index to each value [...]"
> I don't know if ADStudio intends to support this, but if it does: it's a mess right now. Editing and reordering those attributes is almost impossible. This is really needed when editing access rules set via olcAccess in cn=config. Are there any plans for handling those attributes better? The current situation makes me want to go back to slapd.conf.
> My guess is that this would require some special editor that reads all values of the attribute being edited, strips the curly braced indexes and uses "changetype: replace" to modify the entire attribute instead of a single value.
> I understand that OpenLDAP is probably not your main concern, but it would be nice.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DIRSTUDIO-528) Handle schema extension used for OpenLDAP attribute ordering

Posted by "Stefan Seelmann (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DIRSTUDIO-528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12764706#action_12764706 ] 

Stefan Seelmann commented on DIRSTUDIO-528:
-------------------------------------------

Studio 1.5.0 will contain basic support for X-ORDERED 'VALUES':
Modifications are sent as replace operation (addition still using add operation, deletion still using delete operation).
For reordering you have some options:
- You could toggle the the entry editor to save modifcations automatically or not, so you could switch off 'save automatically', change the values and then save the editor which sends all modifications using one changetype:modify.
- You could use the new 'LDIF Entry Editor' (right-click the entry and select Open With->LDIF Entry Editor). There you could change the indices and safe the modifications.

A dedicated value editor with re-order support should be added in future.


> Handle schema extension used for OpenLDAP attribute ordering
> ------------------------------------------------------------
>
>                 Key: DIRSTUDIO-528
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-528
>             Project: Directory Studio
>          Issue Type: Improvement
>          Components: studio-ldapbrowser
>    Affects Versions: 1.4.0
>            Reporter: Torsten Rehn
>
> From the OpenLDAP docs:
> "Since the ordering of olcAccess directives is essential to their proper evaluation, but LDAP attributes normally do not preserve the ordering of their values, OpenLDAP uses a custom schema extension to maintain a fixed ordering of these values. This ordering is maintained by prepending a "{X}" numeric index to each value [...]"
> I don't know if ADStudio intends to support this, but if it does: it's a mess right now. Editing and reordering those attributes is almost impossible. This is really needed when editing access rules set via olcAccess in cn=config. Are there any plans for handling those attributes better? The current situation makes me want to go back to slapd.conf.
> My guess is that this would require some special editor that reads all values of the attribute being edited, strips the curly braced indexes and uses "changetype: replace" to modify the entire attribute instead of a single value.
> I understand that OpenLDAP is probably not your main concern, but it would be nice.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.