1This directory contains a slapd overlay, "allowed". 2 3 --- o --- o --- o --- 4 5It adds to entries returned by search operations the value of attributes 6 7"allowedAttributes" 8 <http://msdn.microsoft.com/en-us/library/ms675217(VS.85).aspx> 9 10"allowedAttributesEffective" 11 <http://msdn.microsoft.com/en-us/library/ms675218(VS.85).aspx> 12 13No other use is made of those attributes: they cannot be compared, 14they cannot be used in search filters, they cannot be used in ACLs, ... 15 16 --- o --- o --- o --- 17 18Other attributes like 19 20"allowedChildClasses" 21 <http://msdn.microsoft.com/en-us/library/ms675219(VS.85).aspx> 22"allowedChildClassesEffective" 23 <http://msdn.microsoft.com/en-us/library/ms675220(VS.85).aspx> 24 25make little sense within OpenLDAP's slapd right now, since any AUXILIARY 26objectClass can be added to an entry, while no STRUCTURAL objectClass can. 27This may change when DIT structure rules are implemented, while ACLs may 28restrict what AUXILIARY objectClasses can be added to an entry. 29 30 --- o --- o --- o --- 31 32Usage: add to slapd.conf(5) 33 34 35moduleload path/to/allowed.so 36overlay allowed 37 38or add 39 40dn: olcOverlay={0}allowed,olcDatabase={1}bdb,cn=config 41objectClass: olcOverlayConfig 42olcOverlay: {0}allowed 43 44as a child of the database that's intended to support this feature 45(replace "olcDatabase={1}bdb,cn=config" with the appropriate parent); 46or use 47 48dn: olcOverlay={0}allowed,olcDatabase={-1}frontend,cn=config 49objectClass: olcOverlayConfig 50olcOverlay: {0}allowed 51 52if it's supposed to be global. 53 54 --- o --- o --- o --- 55 56No Makefile is provided. Use a command line similar to: 57 58gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \ 59 -o allowed.so allowed.c 60 61to compile this overlay, or even better use OpenLDAP's libtool as appropriate. 62 63--- 64This work is part of OpenLDAP Software <http://www.openldap.org/>. 65 66Copyright 2006-2009 The OpenLDAP Foundation. All rights reserved. 67 68Redistribution and use in source and binary forms, with or without 69modification, are permitted only as authorized by the OpenLDAP 70Public License. 71 72Redistribution and use in source and binary forms, with or without 73modification, are permitted only as authorized by the OpenLDAP 74Public License. 75 76A copy of this license is available in the file LICENSE in the 77top-level directory of the distribution or, alternatively, at 78<http://www.OpenLDAP.org/license.html>. 79 80ACKNOWLEDGEMENTS: 81This work was initially developed by Pierangelo Masarati for inclusion in 82OpenLDAP Software. 83 84