[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6487) Nssov pam_authz authorizedUserService

kean.johnston@gmail.com wrote:
> I like what this offers administrators but I have a comment about how you
> handle "wildcards". They aren't wild at all, but "magic strings" with only
> one possible meaning: all users/services with the single magic character
> "*". If you have a defined user naming convention like i_whatever for
> interns and c_whatever for contractors, it would be useful to be able to
> either include or exclude such users from using certain services.
> My patch at http://www.openldap.org/its/index.cgi?findid=6495 does this for
> userhost and userservices attributes, and includes negation. Would you be
> interested in working with me to expand this to support real wildcards?
> Also I suggest you make this two patches, as the patch submission
> guidelines clearly state that one patch for 1 feature, and the meaty parts
> of this are obfuscated by increasing the buffer sizes which should probably
> be in a separate patch.
> Regards, Kean

This patch was rejected. The functionality it offered was already provided by 
the slapd ACL engine.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/