From efefcd324606eb5125ddf7c01046bc379764f234 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Fri, 13 Apr 2007 15:59:03 +0000
Subject: [PATCH] Update the member virtual attribute implementation so that it provides a mechanism for preventing the entire member list from being returned, which can be a very expensive operation.  When running with this configuration, the attribute will handle requests that determine whether a given user is a member of the group, but will not list the entire set of membership.

---
 opendj-sdk/opends/resource/schema/02-config.ldif |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/opendj-sdk/opends/resource/schema/02-config.ldif b/opendj-sdk/opends/resource/schema/02-config.ldif
index 9138149..9dba19d 100644
--- a/opendj-sdk/opends/resource/schema/02-config.ldif
+++ b/opendj-sdk/opends/resource/schema/02-config.ldif
@@ -1156,6 +1156,9 @@
 attributeTypes: ( 1.3.6.1.4.1.26027.1.1.344
   NAME 'ds-cfg-virtual-attribute-value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
   X-ORIGIN 'OpenDS Directory Server' )
+attributeTypes: ( 1.3.6.1.4.1.26027.1.1.345
+  NAME 'ds-cfg-allow-retrieving-membership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE X-ORIGIN 'OpenDS Directory Server' )
 objectClasses: ( 1.3.6.1.4.1.26027.1.2.1
   NAME 'ds-cfg-access-control-handler' SUP top STRUCTURAL
   MUST ( cn $ ds-cfg-acl-handler-class $ ds-cfg-acl-handler-enabled )
@@ -1615,4 +1618,8 @@
   NAME 'ds-cfg-user-defined-virtual-attribute' SUP ds-cfg-virtual-attribute
   STRUCTURAL MUST ds-cfg-virtual-attribute-value
   X-ORIGIN 'OpenDS Directory Server' )
+objectClasses: ( 1.3.6.1.4.1.26027.1.2.101
+  NAME 'ds-cfg-member-virtual-attribute' SUP ds-cfg-virtual-attribute
+  STRUCTURAL MUST ds-cfg-allow-retrieving-membership
+  X-ORIGIN 'OpenDS Directory Server' )
 

--
Gitblit v1.10.0