[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)

To: Rob Byrne - Sun Microsystems <Robert.Byrne@france.Sun.COM>
Subject: Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 21 Jul 2000 08:48:18 -0700
Cc: Rob Byrne - Sun Microsystems <Robert.Byrne@france.Sun.COM>, Haripriya S <SHARIPRIYA@novell.com>, ietf-ldapext@netscape.com
In-reply-to: <39786CB3.94940751@france.sun.com>
References: <s976996e.093@prv-mail20.provo.novell.com> <39783E35.72FB2B25@france.sun.com> <4.3.2.7.0.20000721075234.00b2dd50@infidel.boolean.net>

At 05:30 PM 7/21/00 +0200, Rob Byrne - Sun Microsystems wrote:
>I think the question was rather how to make an aci grant access as a function of the value of the objectclass attribute in it's entry.

Fair enough.

>In the example, both objectclasses allow the cn attribute but we want the aci to apply in one case but not the other.

Okay.  Content based ACIs... hmmm.... seems this might cause a few wrinkles
(or at least add a lot of complexity).

>> distinguish by objectclass ( I may want to expose cn for
>>     inetorgperson but not for
>>      residentialperson by default).

References:
- Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt
  - From: "Haripriya S" <SHARIPRIYA@novell.com>
- filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
  - From: Rob Byrne - Sun Microsystems <Robert.Byrne@france.Sun.COM>
- Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
  - From: Rob Byrne - Sun Microsystems <Robert.Byrne@france.Sun.COM>

Prev by Date: Re: filters in ldapACI (WAS Re: I-D ACTION:draft-ietf-ldapext-acl-model-06.txt)
Next by Date: authentication mechanisms question
Index(es):
- Chronological
- Thread