[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACI syntax

At 11:15 AM 6/2/00 -0400, Mark Valence wrote:
>The LDAPaci syntax is ugly, sure, but the code works.

The LDAPaci syntax is in flux, for example, ACI families
(which we used) are now removed.  So, we must update.

I suggest we do what's "right for us" now (as we prepare for
release).  I don't mind if folks want to have an implementation
of LDAPaci which tracks the latest developments in this area,
but it should be separate from OpenLDAPaci (as this needs to
be released).

>My feeling is that the aci's would be constructed by software,
>so they don't have to be easy for people to read
>(although they are not that bad). 

Regardless of who updates them, they we need to have a well
defined syntax with appropriate matching rules.

>Still, there is alot of redundancy (stemming from too much 
>flexibility) in the current syntax.

That flexibility will be removed in the next rev. of the
ldapACI I-D.  It's been agreed that vendor ACIs should be
in separate attribute types.

>I welcome anyone's comments on the ACI syntax.  I'll be in that code 
>again, so if changes are needed/requested, now's the time.