Test operations

[Sébastien Bahloul <bahloul@linagora.com>]

Hello,

One month ago, I asked the list about integrating a new ACL model 
(AACLs), which is currently in test phase, as an overlay.

Now I'm looking to write an extended operation based on the standard, 
ACI or AACLs access model to allow operations testing.

The first point is about the need of such extended operation : what's 
your feeling about that ? Mine is that it could be very interesting 
because of the security model which is already defined in the LDAP 
directory and could be reuse to avoid a specification of a different 
model in the applications. So administrators would have to maintain only 
one model which could be shared between severeals applications.
(The need of a different model between the directory and the application 
could be satisfied by introducing a back-ldap instance between them with 
a different security model)

Second point is about the implementation. I think the operation needs 
three parameters :
- the operation (authentication, compare, search, read, modify, modify 
RDN, add, delete)
- the entry DN (in creation, the first thing is to get the entry's 
father DN)
- a list of attributes or null (or the "entry" keyword)
And it have to return one boolean parameter (is the access allowed or 
not ? for the write access on severels attributes, access would be 
allowed, if and only if all attributes could be written)

Third point : does this operation need to precised as a draft ?

Regards,

Sebastien.