[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: vendorACI attribute in draft-ietf-ldapext-acl-model-04.txt
Ellen Stokes wrote:
>
> David,
> The intent of vendorACI is to provide a way in which to allow non-LDAP
> defined ACI to appear in LDIF, so if you dump the directory into LDIF
> and then reload into another vendor's server and back again into your
> server, you don't lose any data. Vendors will continue to use their
> own access control mechanisms in cases, so it is expected that in some
> parts of the tree that may not be ldap accessible that you'll see the
> use of aCIMechanism, and hence vendorACI for preservation of that
> information at dump/restore time.
> The vendorACI attribute will remain in the model.
I don't quite follow you on this Ellen. Shouldn't a specific,
alternative aCIMechanism indicate what attribute is used to store the
alternative ACI mechanism (even if only for export and import)?
--
Mark Smith
iPlanet Directory Architect / Sun-Netscape Alliance
My words are my own, not my employer's. Got LDAP?