[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4806) allow internal operations to require more specific access privileges

To: openldap-its@OpenLDAP.org
Subject: (ITS#4806) allow internal operations to require more specific access privileges
From: ando@sys-net.it
Date: Tue, 16 Jan 2007 21:12:12 GMT

Full_Name: Pierangelo Masarati
Version: HEAD,re23
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


Occasionally, internal operations, and significantly searches, are performed for
some given purpose which would require different access privileges than, for
example in case of searches, "search" on the filter and "read" on the data.  In
those cases, it may be useful to allow issuers of internal operations to change
the access privilege that's requested.

This feature (is implemented to address an issue with slapo-dynlist(5) which
uses an internal search to collect data for compare, and thus checks "search"
access on the filter of the memberURL and "read" on the datum to be compared.

See <http://www.openldap.org/lists/openldap-devel/200701/msg00056.html> for
discussion.

Prev by Date: (ITS#4805) memory leak in syncrepl code
Next by Date: (ITS#4807) CLOCK-Pro cache replacement
Index(es):
- Chronological
- Thread