RE: new function: ldap_access (ITS#2789)
I'd have to agree with Howard here. I'm inclined to reject
this software request.
At 06:54 PM 10/22/2003, firstname.lastname@example.org wrote:
>What you're requesting would require an extension of the LDAP protocol. Since
>there currently is no standard specification for how access control is
>performed in LDAP, you might need that spec to be hashed out first.
>Having thought very briefly about this, I would make this a Control that
>rides on an LDAP Search request. The control response would accompany every
>SearchResultEntry and contain a list of all the modifiable attributes in the
>SearchResultEntry. That should provide sufficient information without getting
>lost in the details of how access controls are implemented in a particular
>If your request is that we implement such a feature in OpenLDAP, I think the
>answer is "we can't until a standard spec exists for the feature."
>> -----Original Message-----
>> From: owner-openldap-bugs@OpenLDAP.org
>> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of email@example.com
>> Full_Name: Ace SU-ares
>> Version: any
>> OS: noarch
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (22.214.171.124)
>> Feature Request:
>> Determining what kind of access is granted can sometimes be very convenient.
>> For instance, when retrieving an entry, some attributes might be writable,
>> others readable.
>> One method of solving this would be an extension to ldap_search; giving an extra
>> access-character (r,w, etc) to every attribute.
>> However, this could also be achieved with a separate tool or function, which I
>> propose calling 'ldap_access'.
>> ldap_access would give for each entry and each attribute the access level (r,w,
>> ldap_access would take many of the same arguments from ldap_search.
>> It should be just as easy to request the access level of a single attribute as
>> well as many attributes of many entries. Pseudo attributes 'entry' and
>> 'children' should also be accessible.
>> Proposed is to represent the output in LDIF format where the values be replaced
>> by the access level.
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support