[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6487) Nssov pam_authz authorizedUserService

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6487) Nssov pam_authz authorizedUserService
From: hyc@symas.com
Date: Mon, 22 Mar 2010 06:25:30 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

kean.johnston@gmail.com wrote:
> I like what this offers administrators but I have a comment about how you
> handle "wildcards". They aren't wild at all, but "magic strings" with only
> one possible meaning: all users/services with the single magic character
> "*". If you have a defined user naming convention like i_whatever for
> interns and c_whatever for contractors, it would be useful to be able to
> either include or exclude such users from using certain services.
>
> My patch at http://www.openldap.org/its/index.cgi?findid=6495 does this for
> userhost and userservices attributes, and includes negation. Would you be
> interested in working with me to expand this to support real wildcards?
> Also I suggest you make this two patches, as the patch submission
> guidelines clearly state that one patch for 1 feature, and the meaty parts
> of this are obfuscated by increasing the buffer sizes which should probably
> be in a separate patch.
>
> Regards, Kean

This patch was rejected. The functionality it offered was already provided by 
the slapd ACL engine.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6487) Nssov pam_authz authorizedUserService
Next by Date: Re: (ITS#6495) nssov patch to better emulate pam_ldap behaviour
Index(es):
- Chronological
- Thread