Re: no more direct support ACIs?

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

I support moving ACIs into a module.  ACIs have always
been experimental and experimental code is always better
placed outside of the mainstream code.

Kurt

At 04:43 PM 12/9/2005, Pierangelo Masarati wrote:
>On Fri, 2005-12-09 at 14:43 +0100, Pierangelo Masarati wrote:
>> I'd remove direct ACI support from the next 2.3 release, moving
>> SLAP_DYNACL from #ifdef LDAP_DEVEL to configure, with a --enable-dynacl
>> switch.  The --enabe-aci would remain, and it would imply --enable-
>> dynacl.  The old syntax would be supported, but undocumented, and only
>> the new one, by way of dynacl, would be advertised.
>> 
>> This way, nothing would change for current regular users of ACIs (except
>> perhaps for a warning when configuring with the old syntax), but at
>> least new users would have to go thru the new interface.  Next step will
>> be to remove them from static build, an move to contrib as a dynamic
>> module.
>> 
>> Comments (like, keep it for 2.4 :) ?
>
>I've posted a FAQ entry
><http://www.openldap.org/faq/data/cache/1284.html> that discusses access
>control customization, from sets to ACIs to dynacl.
>
>Let me stress that, as I wrote in the initial message, ACIs will remain
>part of slapd; only, they have already been factored out of access
>control code, and they likely will move into a run-time loaded module,
>but the original functionality will be fully preserved.
>
>p.
>
>
>
>
>Ing. Pierangelo Masarati
>Responsabile Open Solution
>
>SysNet s.n.c.
>Via Dossi, 8 - 27100 Pavia - ITALIA
>http://www.sys-net.it
>------------------------------------------
>Office:   +39.02.23998309          
>Mobile:   +39.333.4963172
>Email:    pierangelo.masarati@sys-net.it
>------------------------------------------