[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6198) Authorization for extensions

hyc@OpenLDAP.org wrote:
> Full_Name: Howard Chu
> Version: HEAD/2.5
> OS: 
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Submitted by: hyc
> The access control mechanism needs to be extended to control actions, not just
> objects, to control who may use various LDAP Controls and Extended Operations.


> E.g.
>   access to control=<oid> by <who>
>   access to op=<operation or oid> by <who>
What is "operation" supposed to be? I'd prefer only to allow "oid" since
OIDs are the only identifiers clearly specified in RFCs and I-Ds.

Ciao, Michael.