Re: Objections to draft-ietf-ldapext-psearch-01.txt



Alan Lloyd wrote:
audit records in, etc, etc -- how does one apply a "control"
"capability/privilege" to users in a distributed world with things like
this?? can we have different extension use/scope according to the
entries they involve??? Compatibility is an issue.

Perhaps this was a rhetorical question, here's an answer:
In our implementation we create entries in a special DIT
location (under "cn=Features", from memory). There's
an object for each whacky extension, identified by the
control's OID. These entries can be subject to access control.
Access to the "feature entry" connotes the ability to use the
feature. This seems too simple and obvious, that I suspect
I've misunderstood Alan's point.
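
The scheme described in this message, as an added sketch that is not part of the original post and not the poster's implementation: each control OID maps to a feature entry, and a request's controls are accepted only if the bound DN has access to that entry. The entry naming (`oid=<OID>,cn=features`), the in-memory ACL, the sample DNs, and the choice to reject a denied critical control with unavailableCriticalExtension are all assumptions.

```python
# Added illustration: gate LDAP controls on access to per-feature entries.
# Entry naming, ACL model and all DNs below are assumptions for this sketch.

PSEARCH_OID = "2.16.840.1.113730.3.4.3"   # persistent search control OID
SUCCESS = 0                                # LDAP result code
UNAVAILABLE_CRITICAL_EXTENSION = 12        # LDAP result code

# Constructed sample data: feature entry DN -> bind DNs allowed to access it.
FEATURE_ACL = {
    f"oid={PSEARCH_OID},cn=features": {"cn=replicator,o=example"},
}


def normalize(dn):
    """Crude DN normalisation (lowercase, trim); ignores escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def may_use_control(bind_dn, oid):
    """Access to the feature entry connotes the ability to use the control."""
    allowed = FEATURE_ACL.get(f"oid={oid},cn=features")
    if allowed is None:
        return False  # no feature entry for this OID: deny by default
    return normalize(bind_dn) in {normalize(d) for d in allowed}


def filter_controls(bind_dn, controls):
    """controls is a list of (oid, criticality) pairs from one request.

    Returns (result_code, accepted_oids). A denied critical control fails
    the whole operation; a denied non-critical control is ignored.
    """
    accepted = []
    for oid, critical in controls:
        if may_use_control(bind_dn, oid):
            accepted.append(oid)
        elif critical:
            return UNAVAILABLE_CRITICAL_EXTENSION, []
    return SUCCESS, accepted


if __name__ == "__main__":
    for who in ("CN=Replicator, O=Example", "cn=guest,o=example", ""):
        print(repr(who), filter_controls(who, [(PSEARCH_OID, True)]))
```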