[Date Prev][Date Next]
Re: (ITS#6487) Nssov pam_authz authorizedUserService
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6487) Nssov pam_authz authorizedUserService
- From: firstname.lastname@example.org
- Date: Mon, 22 Mar 2010 06:25:30 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> I like what this offers administrators but I have a comment about how you
> handle "wildcards". They aren't wild at all, but "magic strings" with only
> one possible meaning: all users/services with the single magic character
> "*". If you have a defined user naming convention like i_whatever for
> interns and c_whatever for contractors, it would be useful to be able to
> either include or exclude such users from using certain services.
> My patch at http://www.openldap.org/its/index.cgi?findid=6495 does this for
> userhost and userservices attributes, and includes negation. Would you be
> interested in working with me to expand this to support real wildcards?
> Also I suggest you make this two patches, as the patch submission
> guidelines clearly state that one patch for 1 feature, and the meaty parts
> of this are obfuscated by increasing the buffer sizes which should probably
> be in a separate patch.
> Regards, Kean
This patch was rejected. The functionality it offered was already provided by
the slapd ACL engine.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/