[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: draft-ietf-ldapext-acl-model-04.txt
I noticed that the BNF has been expanded to allow a single aci to contain multiple acl entries. In other words, now we can specify this:
aci: 1.2.3.4#subtree#grant#r,w;[all]#group#cn=Dept XYZ#1.2.3.4#entry#grant#r;attribute1#group#cn=maude
The BNF is already pretty complex and this makes it more so. Is there a compeling reason to do this?
The BNF also specifies that the scope may be entry, subtree, or a level (number). entry and subtree imply their own definition, but level doesn't and it's not talked about anywhere. What does it mean?
Jim