[Date Prev][Date Next]
Re: ACI syntax
I'll be updating the ACI syntax soon, and I need comments on what the
OpenLDAPaci syntax should look like. I propose that we use a syntax
similar to the latest LDAPaci syntax, which is a bit cleaner than
what's implemented right now.
One difference might be to use keywords (in the "subject" field) that
match the keywords that are used for OpenLDAP ACLs. I'm thinking
about the "ipAddress" keyword that LDAPaci uses -- we might prefer
using "sockurl", which implies that this is a URL, not merely an IP
address (doesn't everybody use DHCP now anyway? ;-)
We'd also add a "dnattr" keyword, which is actually implemented now,
and any other of the ACL subject ("who") categories that are useful.
I'd also keep "this" and "public" from the LDAPaci spec.
I'd also like to extend the attribute field so that it can do value
matches, like are implemented now.