[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: draft-ietf-ldapext-acl-model-04.txt

To: Jim Sermersheim <JIMSE@novell.com>
Subject: Re: draft-ietf-ldapext-acl-model-04.txt
From: Ellen Stokes <stokes@austin.ibm.com>
Date: Wed, 13 Oct 1999 08:02:20 -0500
Cc: ietf-ldapext@netscape.com
In-reply-to: <s8021b9d.086@prv-mail20.provo.novell.com>
Resent-date: Wed, 13 Oct 1999 06:34:18 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"s3_P3B.A.s3F.OpIB4"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Jim,

1.  I don't know why the BNF was expanded to allow a single aci to contain
multiple
acl entries.  I'll check with Debbie when she's back from vacation next week.

2.  Level means n levels down in a subtree.  So, for example, if the
subtree is 15 levels
deep and you only want the first 4 levels, you can set the scope to level=4.

Ellen

At 05:18 PM 10/11/1999 -0600, Jim Sermersheim wrote:
>I noticed that the BNF has been expanded to allow a single aci to contain
multiple acl entries.  In other words, now we can specify this:
>aci: 1.2.3.4#subtree#grant#r,w;[all]#group#cn=Dept
XYZ#1.2.3.4#entry#grant#r;attribute1#group#cn=maude
>
>The BNF is already pretty complex and this makes it more so. Is there a
compeling reason to do this?
>
>The BNF also specifies that the scope may be entry, subtree, or a level
(number).  entry and subtree imply their own definition, but level doesn't
and it's not talked about anywhere. What does it mean?
>
>Jim
>

References:
- Re: draft-ietf-ldapext-acl-model-04.txt
  - From: Jim Sermersheim <JIMSE@novell.com>

Prev by Date: grant / deny precedence in draft-ietf-ldapext-acl-model-04.txt
Next by Date: Re: rights families in draft-ietf-ldapext-acl-model-04.txt
Index(es):
- Chronological
- Thread