From dev-return-21782-apmail-directory-dev-archive=directory.apache.org@directory.apache.org Mon Oct 01 16:10:31 2007 Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 84299 invoked from network); 1 Oct 2007 16:10:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 1 Oct 2007 16:10:30 -0000 Received: (qmail 70507 invoked by uid 500); 1 Oct 2007 16:10:20 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 70473 invoked by uid 500); 1 Oct 2007 16:10:20 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 70453 invoked by uid 99); 1 Oct 2007 16:10:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Oct 2007 09:10:20 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of akarasulu@gmail.com designates 209.85.146.179 as permitted sender) Received: from [209.85.146.179] (HELO wa-out-1112.google.com) (209.85.146.179) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Oct 2007 16:10:10 +0000 Received: by wa-out-1112.google.com with SMTP id m38so5257777waf for ; Mon, 01 Oct 2007 09:09:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; bh=apklmYILl7zkn7WXag8E58A/U9RKUx0hC0dqx5wrObQ=; b=ggW729W91h2WItSB8Z8t1THNNS715nCdmvA7b6UahjEtolegjEXVRtyIKe5DaiHf0hM9x9OcecAud+ZDq4jLZoSQnlT6TRUgzudWYmKyRhU6a15THdDwDfDJWqPfRTf1fY40KHf42Nau5056LHEiD3ewtt0WEttPtRfa1qgBLgk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:references:x-google-sender-auth; b=rf8CWKbjyDYdqFLEH4ajCw7+zBR2sjJ97ucsGkSTWPTpiwhUOGXEuZo71yOqHozu3Hf3TeZnGBAIuscjK/IDaw1V9YUJW7LBf+dirfbUEk1yHL1eG3DiCNARARyMBK2eMPu/f+AbMuU/W6Gv9vcKhowLke3mw8iOMs5hVFnXSII= Received: by 10.115.22.1 with SMTP id z1mr975276wai.1191254988685; Mon, 01 Oct 2007 09:09:48 -0700 (PDT) Received: by 10.115.76.8 with HTTP; Mon, 1 Oct 2007 09:09:48 -0700 (PDT) Message-ID: Date: Mon, 1 Oct 2007 12:09:48 -0400 From: "Alex Karasulu" Sender: akarasulu@gmail.com To: "Apache Directory Developers List" Subject: Re: [ApacheDS] Change log ietf draft In-Reply-To: <2C1E663372C0A80D445DB1BF@192.168.1.3> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_10853_22982199.1191254988648" References: <011C491F32B4E34764FA120A@192.168.1.3> <1DB9A7777C0D41C200F2DEB8@192.168.1.3> <2C1E663372C0A80D445DB1BF@192.168.1.3> X-Google-Sender-Auth: 710047566fd12328 X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_10853_22982199.1191254988648 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline +1 this would be a huge success for LDAP interoperability. Alex On 10/1/07, Quanah Gibson-Mount wrote: > > --On Monday, October 01, 2007 2:19 AM +0200 Emmanuel Lecharny > wrote: > > > In any cases, we also need to be able to log Search requests. It's a > > part of any AAA system... And some countries mandates you to store > > such informations (nah, not china nor USA : Swiss !) for tracking > > purpose if you open this system to the public. > > Yeah, completely familiar with that. ;) > > Also, I should correct my earlier bit -- With delta-sycnrepl, it is not > required that you only log writes. You can log any other operations you > want too, but logging writes is required. ;) Part of the setup for > delta-syncrepl restricts it to only reading write ops from the access log > database. > > has an example of > setting it up under OpenLDAP that I wrote up a while ago. > > I'd love to see a common replication mechanism between ADS and OpenLDAP > (really, I'd love to see one (or more) across all the dir servers. ;) ). > > --Quanah > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration > ------=_Part_10853_22982199.1191254988648 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline +1 this would be a huge success for LDAP interoperability. 

Alex

On 10/1/07, Quanah Gibson-Mount <quanah@zimbra.com > wrote:
--On Monday, October 01, 2007 2:19 AM +0200 Emmanuel Lecharny
< elecharny@gmail.com> wrote:

> In any cases, we also need to be able to log Search requests. It's a
> part of any AAA system... And some countries mandates you to store
> such informations (nah, not china nor USA : Swiss !) for tracking
> purpose if you open this system to the public.

Yeah, completely familiar with that. ;)

Also, I should correct my earlier bit -- With delta-sycnrepl, it is not
required that you only log writes.  You can log any other operations you
want too, but logging writes is required. ;)  Part of the setup for
delta-syncrepl restricts it to only reading write ops from the access log
database.

< http://www.connexitor.com/forums/viewtopic.php?t=3> has an example of
setting it up under OpenLDAP that I wrote up a while ago.

I'd love to see a common replication mechanism between ADS and OpenLDAP
(really, I'd love to see one (or more) across all the dir servers. ;) ).

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

------=_Part_10853_22982199.1191254988648--