acis for public access


I'm just playing around with ACI support in the latest OpenLDAP CVS.
Therefore I read the mailing list archives as well as
draft-ietf-ldapext-acl-model-0[346].txt. Since OpenLDAP for now only
supports pieces of revision 04 but I need the functionality of making
attributes public, meaning giving access to anonymous users, which got
introduced in revision 06, I patched the aci support a bit to allow
just that. Therefore I introduced a <dnType> of "public", which
ignores the <subjectDN> and just grants whatever right is given by

So I just want to commit what I've done and hear the gurus' opinion if
there's any oversight or complete misunderstanding which opens
security holes.

In which direction is aci support going to be developed anyway? Will
future drafts or an RFC get implemented or is OpenLDAP going to
provide its own syntax? Is development done at all?

Thanks for your great work so far!
bye, Michael

