[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5555) authzTo ACL check for wrong principal
On Mon, Jun 16, 2008 at 08:06:17PM +0200, Pierangelo Masarati wrote:
> Ah, OK. Note that since some point in 2.3, authorization is described
> by a specific syntax <http://www.openldap.org/faq/data/cache/1254.html>,
> which should probably be advertised a bit more (and moved out from the
> experimental OID arc).
If that is used *everywhere* for authorisation then there could well
be more doc errors to correct. I am fairly sure I saw one place where
the docs specifically exclude some of those forms.
I notice that '*' excludes anonymous in this spec. There is an
undocumented option to 'allow' that seems relevant: proxy_authz_anon -
would allowing this cause anon to be included in '*' generally or is
it not that simple?
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------