[sudo-workers] sudo LDAP and order of matches
Andreas Mueller
afm at othello.ch
Mon Oct 11 09:12:59 EDT 2010
Todd,
Quoting "Todd C. Miller" <Todd.Miller at courtesan.com>:
> I've been thinking about this as well and was considering adding a
> "weight" or "order" attribute that can be used to sort matching
> responses. This would allow ordering to be preserved when converting
> a sudoers file into ldif format. It could also be used to prefer
> authenticated or unauthenticated entries.
As LDAP has no concept of order, it would be necessary to perform
sorting in the client, or if only a small number of weights are used,
perform a search for each weight. The latter solution may in crease
the number of searches on average, but may also decrease the average
data retrieved from the LDAP server.
If only one search is used, then all the entries of the search result
have to be kept in memory, sorted (no problem if qsort(3) is used)
and the entries checked in order. No signification overhead is incurred
as ldapsearch stores the complete search result anyway.
I admit that I like this more my original proposal. I think I could
spend some time on implementing it next wednesday.
Best regards
Andreas
--
Prof. Dr. Andreas Mueller
andreas.mueller at othello.ch
Bubental 53, 8852 Altendorf
Voice: +41 55 4621481 Fax/Data: +41 55 4621482
http://www.eurocketry.org/forum/german/viewtopic.php?p=15049#15049
http://www.youtube.com/watch?v=keweeQdMAFM
More information about the sudo-workers
mailing list