
Re: (ITS#3625) [enhancement] per-operation ACLs



What about modify operations which add entries, or
add operations that modify existing entries, or
delete operations that do searches, or searches
that do deletes?

Is it the LDAP op code that matters here? Or the
underlying DIT operation?  I think the latter.

Maybe it would make more sense to divide "w"
into different kinds of writes?

Kurt

At 12:16 PM 4/1/2005, ando@sys-net.it wrote:
>ando@sys-net.it wrote:
>
>>I'll prepare a prototype in a moment.
>>  
>>
>The patch is @ 
><ftp://ftp.openldap.org/incoming/pierangelo.masarati.per-op-acl-2005-04-01.patch>
>
>Syntax:
>
>access to [...] op=[!]<oplist>
>    by ...
>where <oplist> is a comma-separated list of "compare", "search" (same as 
>"read"), "add", "delete", "modify", "rename" (same as "write"), "bind", 
>"extended".  I haven't considered "unbind" and "abandon", because they 
>seem to make little sense, nor specialized "extended" to the known ops 
>because this is just to get the feeling.
>
>Please comment.
>
>Ciao, p.
>
>
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
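
A minimal parser for the `op=[!]<oplist>` clause quoted above, as an added example; it is not code from the patch or from OpenLDAP. The function and constant names are hypothetical, `!` is assumed to complement the list over the eight named operations, and the "same as" notes in the proposal are not modelled.

```c
#include <stddef.h>
#include <string.h>

/* One bit per operation name listed in the proposal. */
enum {
    OP_COMPARE = 1 << 0, OP_SEARCH   = 1 << 1, OP_ADD    = 1 << 2,
    OP_DELETE  = 1 << 3, OP_MODIFY   = 1 << 4, OP_RENAME = 1 << 5,
    OP_BIND    = 1 << 6, OP_EXTENDED = 1 << 7, OP_ALL    = 0xff
};

static const struct { const char *name; unsigned bit; } op_names[] = {
    { "compare", OP_COMPARE }, { "search", OP_SEARCH }, { "add", OP_ADD },
    { "delete", OP_DELETE }, { "modify", OP_MODIFY }, { "rename", OP_RENAME },
    { "bind", OP_BIND }, { "extended", OP_EXTENDED }
};

/* Return the bit for a name of length len, or 0 if it is not in the list. */
static unsigned op_lookup(const char *s, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof op_names / sizeof op_names[0]; i++)
        if (strlen(op_names[i].name) == len &&
            strncmp(s, op_names[i].name, len) == 0)
            return op_names[i].bit;
    return 0;
}

/* Parse "op=[!]<oplist>" into *mask. Returns 0 on success, -1 on a
 * malformed clause (missing prefix, empty or unknown name), so a typo
 * is rejected instead of silently yielding a clause that never matches. */
int parse_op_clause(const char *clause, unsigned *mask)
{
    const char *p, *end;
    unsigned m = 0, bit;
    int negate = 0;

    if (strncmp(clause, "op=", 3) != 0) return -1;
    p = clause + 3;
    if (*p == '!') { negate = 1; p++; }
    for (;; p = end + 1) {
        end = strchr(p, ',');
        bit = op_lookup(p, end ? (size_t)(end - p) : strlen(p));
        if (bit == 0) return -1;
        m |= bit;
        if (end == NULL) break;
    }
    /* Assumption: "!" complements the list over the eight known names. */
    *mask = negate ? (OP_ALL & ~m) : m;
    return 0;
}
```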