RE: "Authz IDs as only DNs" (in acl-reqts and acl-model) issue
According to 2251:
Entries MAY contain, among others, the following operational
attributes, defined in [5]. These attributes are maintained
automatically by the server and are not modifiable by clients:
- creatorsName: the Distinguished Name of the user who added this
entry to the directory.
According to 2252:
creatorsName
This attribute SHOULD appear in entries which were created using the
Add operation.
Ditto for modifiersName.
It seems to me that if the creatorsName isn't a DN, because the authzid
wasn't a DN, then that's a good reason why the above can't be done, and
hence they are not required by 2251 or 2252 to be done.
> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:kurt@boolean.net]
> Sent: Saturday, November 13, 1999 12:21 PM
> To: JHodges@oblix.com
> Cc: IETF LDAP Extensions WG; Jeff Hodges; RL Bob Morgan
> Subject: Re: "Authz IDs as only DNs" (in acl-reqts and
> acl-model) issue
>
>
> Question: when the authorization identity is not a DN, what
> should server implementations store (as directed by RFC2251) in
> creatorsname/modifiersname?
>
> It appears to me that the authzIDs-are-not-necessarily-DNs notion
> implies we also have authzIDs-must-be-representable-as-DNs notion.
>
> Kurt
>
> ----
> Kurt D. Zeilenga <kurt@boolean.net>
> Net Boolean Incorporated <http://www.boolean.net/>
>