Re: draft-ietf-ldapext-acl-model-04.txt



I noticed that the BNF has been expanded to allow a single aci to contain multiple acl entries.  In other words, now we can specify this:
aci: 1.2.3.4#subtree#grant#r,w;[all]#group#cn=Dept XYZ#1.2.3.4#entry#grant#r;attribute1#group#cn=maude

The BNF is already pretty complex and this makes it more so. Is there a compelling reason to do this?

The BNF also specifies that the scope may be entry, subtree, or a level (number).  entry and subtree imply their own definition, but level doesn't and it's not talked about anywhere. What does it mean?

Jim