[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Considering Attribute Subtypes during ACL evaluation

To: prasanta@netscape.com (Prasanta Behera)
Subject: Re: Considering Attribute Subtypes during ACL evaluation
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 30 Sep 2000 11:38:38 -0700
Cc: hahnt@us.ibm.com, ietf-ldapext@netscape.com
In-reply-to: <39D5FB0D.EC5E4F0B@netscape.com>
References: <OFF3ACCCB0.AE759A44-ON8525696A.0039BB6B@pok.ibm.com>

At 07:39 AM 9/30/00 -0700, Prasanta Behera wrote:
>Currently  the netscape/iPlanet DS ACL supports a attribute inheritance of subtypes e.g. if you allow access to 
>"cn", it automatically means { cn, cn;* } 
>
>However, it is much harder to map "name" to "cn, sn". 

I would say that server dependent.  If your server has schema
aware ACL evaluation (which I dare say is a must if you intend
to handle alternative naming of attribute types), then handling
subtyping is no big deal.

Of course, subtyping in LDAP is completely optional.  I would
argue that subtyping within ACLs should likewise be optional.

Prev by Date: Re: comments on draft-ietf-ldapext-ldap-java-api-11.txt
Next by Date: I need to make YOU Wealthy so I can be Wealthy!!!
Index(es):
- Chronological
- Thread