Hi!
We have an application, that does not honour the shadowExpire attribute. It does however use a search filter to find users. The idea is, that we would extend the search filter to include an additional attribute. We would then set this attribute to 0 or 1 and the filter would NOT return users that have it set to 0. Missing or set to 1 and the user gets returned.
The search filters themselves do not provide any advanced comparisons like: if (shadowExpire =< today) then... Operation attributes seem to provide some more flexibility there. We could solve the problem if we could set up an operational attribute that would do if (shadowExpire =< today) then return 0 else return 1
Is it possible to add one's own operational attributes to 389DS? If it is, how should it be done the right way?
Kind regards, Mitja
-- Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8800, fax: +386 1 479 88 99
On 07/27/2016 09:28 AM, Mitja Mihelič wrote:
Hi!
We have an application, that does not honour the shadowExpire attribute. It does however use a search filter to find users. The idea is, that we would extend the search filter to include an additional attribute. We would then set this attribute to 0 or 1 and the filter would NOT return users that have it set to 0. Missing or set to 1 and the user gets returned.
The search filters themselves do not provide any advanced comparisons like: if (shadowExpire =< today) then... Operation attributes seem to provide some more flexibility there. We could solve the problem if we could set up an operational attribute that would do if (shadowExpire =< today) then return 0 else return 1
Hi Mitja,
If I am understanding you correctly, then there is no such thing. There are no "attributes" that do any kind of "calculation". Operational attributes are attributes internal to the server, and these attribute are not returned to the client by default. That is there only special quality.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
It sounds like you need some type of custom plugin to do this calculation for you.
Regards, Mark
Is it possible to add one's own operational attributes to 389DS? If it is, how should it be done the right way?
Kind regards, Mitja
-- Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8800, fax: +386 1 479 88 99 -- 389-users mailing list 389-users@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.or...
On 27/07/16 15:35, Mark Reynolds wrote:
On 07/27/2016 09:28 AM, Mitja Mihelič wrote:
Hi!
We have an application, that does not honour the shadowExpire attribute. It does however use a search filter to find users. The idea is, that we would extend the search filter to include an additional attribute. We would then set this attribute to 0 or 1 and the filter would NOT return users that have it set to 0. Missing or set to 1 and the user gets returned.
The search filters themselves do not provide any advanced comparisons like: if (shadowExpire =< today) then... Operation attributes seem to provide some more flexibility there. We could solve the problem if we could set up an operational attribute that would do if (shadowExpire =< today) then return 0 else return 1
Hi Mitja,
If I am understanding you correctly, then there is no such thing. There are no "attributes" that do any kind of "calculation". Operational attributes are attributes internal to the server, and these attribute are not returned to the client by default. That is there only special quality.
I was afaraid of that.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
It sounds like you need some type of custom plugin to do this calculation for you.
Thank you for the tip about the plugins. Is there a tutorial on writing plugins for 389DS?
Regards, Mitja
Regards, Mark
Is it possible to add one's own operational attributes to 389DS? If it is, how should it be done the right way?
Kind regards, Mitja
-- Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8800, fax: +386 1 479 88 99 -- 389-users mailing list 389-users@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.or...
-- 389-users mailing list 389-users@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.or...
On 07/27/2016 03:35 PM, Mark Reynolds wrote:
On 07/27/2016 09:28 AM, Mitja Mihelič wrote:
Hi!
We have an application, that does not honour the shadowExpire attribute. It does however use a search filter to find users. The idea is, that we would extend the search filter to include an additional attribute. We would then set this attribute to 0 or 1 and the filter would NOT return users that have it set to 0. Missing or set to 1 and the user gets returned.
The search filters themselves do not provide any advanced comparisons like: if (shadowExpire =< today) then... Operation attributes seem to provide some more flexibility there. We could solve the problem if we could set up an operational attribute that would do if (shadowExpire =< today) then return 0 else return 1
Hi Mitja,
If I am understanding you correctly, then there is no such thing. There are no "attributes" that do any kind of "calculation". Operational attributes are attributes internal to the server, and these attribute are not returned to the client by default. That is there only special quality.
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
It sounds like you need some type of custom plugin to do this calculation for you.
there is something like computed attributes, but it requires a plugin to provide a compute function and the it can also register a search filter rewriter, see:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/ht...
But I think it is not widely used and requires some experimentation
Regards, Mark
Is it possible to add one's own operational attributes to 389DS? If it is, how should it be done the right way?
Kind regards, Mitja
-- Mitja Mihelič ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 8800, fax: +386 1 479 88 99 -- 389-users mailing list 389-users@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.or...
-- 389-users mailing list 389-users@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.or...
389-users@lists.fedoraproject.org