[Date Prev][Date Next]
Re: (ITS#6198) Authorization for extensions
> Full_Name: Howard Chu
> Version: HEAD/2.5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (188.8.131.52)
> Submitted by: hyc
> The access control mechanism needs to be extended to control actions, not just
> objects, to control who may use various LDAP Controls and Extended Operations.
> access to control=<oid> by <who>
> access to op=<operation or oid> by <who>
What is "operation" supposed to be? I'd prefer only to allow "oid" since
OIDs are the only identifiers clearly specified in RFCs and I-Ds.