[Date Prev][Date Next]
(ITS#4806) allow internal operations to require more specific access privileges
Full_Name: Pierangelo Masarati
Submission from: (NULL) (184.108.40.206)
Submitted by: ando
Occasionally, internal operations, and significantly searches, are performed for
some given purpose which would require different access privileges than, for
example in case of searches, "search" on the filter and "read" on the data. In
those cases, it may be useful to allow issuers of internal operations to change
the access privilege that's requested.
This feature (is implemented to address an issue with slapo-dynlist(5) which
uses an internal search to collect data for compare, and thus checks "search"
access on the filter of the memberURL and "read" on the datum to be compared.
See <http://www.openldap.org/lists/openldap-devel/200701/msg00056.html> for