Merge remote-tracking branch 'origin/mdb.master'

[openldap] / contrib / slapd-modules / allowed / allowed.c

diff --git a/contrib/slapd-modules/allowed/allowed.c b/contrib/slapd-modules/allowed/allowed.c
index 6ee246a2180bd01e7f181625b135a6843c4bf6e4..7da0650604e87234590a3d32e383327e1f50c381 100644 (file)
--- a/contrib/slapd-modules/allowed/allowed.c
+++ b/contrib/slapd-modules/allowed/allowed.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2006-2012 The OpenLDAP Foundation.
+ * Copyright 2006-2014 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -47,11 +47,23 @@
 #include "slap.h"
 
 /*
- * Schema from
+ * NOTE: part of the schema definition reported below is taken
+ * from Microsoft schema definitions (OID, NAME, SYNTAX);
  *
+ * EQUALITY is taken from
  * <http://www.redhat.com/archives/fedora-directory-devel/2006-August/msg00007.html>
+ * (posted by Andrew Bartlett)
  *
- * posted by Andrew Bartlett
+ * The rest is guessed.  Specifically
+ *
+ * DESC briefly describes the purpose
+ *
+ * NO-USER-MODIFICATION is added to make attributes operational
+ *
+ * USAGE is set to "dSAOperation" as per ITS#7493,
+ * to prevent replication, since this information
+ * is generated (based on ACL and identity of request)
+ * and not stored.
  */
 
 #define AA_SCHEMA_AT "1.2.840.113556.1.4"
@@ -73,7 +85,7 @@ static struct {
                /* added by me :) */
                "DESC 'Child classes allowed for a given object' "
                "NO-USER-MODIFICATION "
-               "USAGE directoryOperation )", &ad_allowedChildClasses },
+               "USAGE dSAOperation )", &ad_allowedChildClasses },
        { "( " AA_SCHEMA_AT ".912 "
                "NAME 'allowedChildClassesEffective' "
                "EQUALITY objectIdentifierMatch "
@@ -81,7 +93,7 @@ static struct {
                /* added by me :) */
                "DESC 'Child classes allowed for a given object according to ACLs' "
                "NO-USER-MODIFICATION "
-               "USAGE directoryOperation )", &ad_allowedChildClassesEffective },
+               "USAGE dSAOperation )", &ad_allowedChildClassesEffective },
        { "( " AA_SCHEMA_AT ".913 "
                "NAME 'allowedAttributes' "
                "EQUALITY objectIdentifierMatch "
@@ -89,7 +101,7 @@ static struct {
                /* added by me :) */
                "DESC 'Attributes allowed for a given object' "
                "NO-USER-MODIFICATION "
-               "USAGE directoryOperation )", &ad_allowedAttributes },
+               "USAGE dSAOperation )", &ad_allowedAttributes },
        { "( " AA_SCHEMA_AT ".914 "
                "NAME 'allowedAttributesEffective' "
                "EQUALITY objectIdentifierMatch "
@@ -97,7 +109,7 @@ static struct {
                /* added by me :) */
                "DESC 'Attributes allowed for a given object according to ACLs' "
                "NO-USER-MODIFICATION "
-               "USAGE directoryOperation )", &ad_allowedAttributesEffective },
+               "USAGE dSAOperation )", &ad_allowedAttributesEffective },
 
        /* TODO: add objectClass stuff? */