[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: new function: ldap_access (ITS#2789)

Howard,  (cc: Chuck)

Thank you very much for your prompt reply. I can not follow your explanation 
about 'control' in your other message but I am delighted that you have 
thought about it and found some possibility to implement it, in theory.

I looked to the OL 2.1.22 code, namely ldapsearch.c and acl.c and could see 
quite clearly that it is some 'server-side' thing and not a 'ldap-search', 
i.e. client-side thing, which you are confirming. But I am to unkown with the 
magic of C to understand and assess it any further than that.

> If you like, my company would be happy to work with you to author an RFC
> defining this extension and bring it to the IETF. Contact my partner Chuck
> Noland if you want to get this set up.

I am very happy with your offer but I am not sure if this is possible. 
Especially if there is money involved in setting this up. Altough I need to 
hear the amount involved before rejecting it, it is my belief that my budget 
would not be sufficient for even one hour of your (company's) time.

Aside from possibly financial hurdles, it would definetely take someone with 
better understanding of protocol and such things to define such RFC properly. 
If your partner Mr. Noland has such ability, then I fail to see what my 
contribution could be to authoring such an RFC.

I *do* think that the general idea behind this is 'good'. I am therefor 
inclined to pursue this issue over the next decade with all the possible 
resources I can allocate for it, which as said is at the moment, virtually, 

Thank you for your assistance and please do take the time to clarify if there 
are financial requirements and also what my role *could* be in writing such 
an RFC.

Ace Suares

>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
> > -----Original Message-----
> > From: owner-openldap-bugs@OpenLDAP.org
> > [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of ace@suares.nl
> > Sent: Wednesday, October 22, 2003 5:58 PM
> > To: openldap-its@OpenLDAP.org
> > Subject: new function: ldap_access (ITS#2789)
> >
> >
> > Full_Name: Ace SU-ares
> > Version: any
> > OS: noarch
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (
> >
> >
> > Feature Request:
> >
> > Determining what kind of access is granted can sometimes be
> > very convenient.
> >
> > For instance, when retrieving an entry, some attributes might
> > be writable,
> > others readable.
> >
> > One method of solving this would be an extention to
> > ldap_search; giving an extra
> > access-character (r,w, etc) to every attribute.
> >
> > However, this could also be achieved with a seperate tool or
> > function, which I
> > propose calling 'ldap_access'.
> >
> > ldap_access would give for each entry and each attribute the
> > acess level (r,w,
> > etc).
> >
> > ldap_access would take many of the same arguments from ldap_search.
> >
> > it should be just as easy to request the access level of a
> > single attribute as
> > well as many attributes of many entries. pseudo attributes 'entry' and
> > 'children' should also be accessible.
> >
> > Proposed is to represent the output in LDIF format where the
> > values be replaced
> > by the access level.

Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl