[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACI syntax

I'll be updating the ACI syntax soon, and I need comments on what the OpenLDAPaci syntax should look like. I propose that we use a syntax similar to the latest LDAPaci syntax, which is a bit cleaner than what's implemented right now.

One difference might be to use keywords (in the "subject" field) that match the keywords that are used for OpenLDAP ACLs. I'm thinking about the "ipAddress" keyword that LDAPaci uses -- we might prefer using "sockurl", which implies that this is a URL, not merely an IP address (doesn't everybody use DHCP now anyway? ;-)

We'd also add a "dnattr" keyword, which is actually implemented now, and any other of the ACL subject ("who") categories that are useful. I'd also keep "this" and "public" from the LDAPaci spec.

I'd also like to extend the attribute field so that it can do value matches, like are implemented now.