[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3877) openldapACIValidate patch + legal issues

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3877) openldapACIValidate patch + legal issues
From: ando@sys-net.it
Date: Wed, 17 Aug 2005 15:25:46 GMT

A reworked patch has been applied to HEAD.  I note that few steps remain:
- aci_mask() should now take advantage of the availability of normalized
values and be less paranoid
- the combination #define SLAPD_ACI_ENABLED / #undef SLAP_DYNACL should be
removed, to simplify the code
- the Validate/Pretty/Normalize functions do not handle all of the
semantics of the original aci_mask() function; for instance, that routine
allowed value submatch embedded in attribute permissions.  I think that
capability should be removed, unless it proves of extreme usefulness.
- the first field in an ACI value is an objectIdentifier, not an integer;
as such, I used numericoidValidate() instead of integerValidate();
however, I'd favor an approach that uses the OpenLDAP X-ORDERED 'VALUES'
extension to ensure that values are used in the expected order, and to
simplify management by accessing by index instead of by value.  Access by
index could be done as well in the current version by defining a sort of
objectIdentifierFirstComponentMatch rule for the OpenLDAPaciSyntax.

Please test.  Thanks, p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: Re: (ITS#3946) PPolicy Overlay - Problem with password reset
Next by Date: (ITS#3947) ldap(3) man page points to non existing man pages
Index(es):
- Chronological
- Thread