[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Shell backend, modify method, ACL

To: openldap-devel@OpenLDAP.org
Subject: Re: Shell backend, modify method, ACL
From: Xavier Redon <Xavier.Redon@eudil.fr>
Date: Thu, 21 Jun 2001 21:34:53 +0200 (CEST)

> Yes, to properly evaluate ACLs, one needs a complete copy of
> entry.

  Ok, that is because the <who> part of an ACL can be computed from
the attributes of the entry, isn't it ?

  So a more correct (and complex) method may be to ask the shell-backend
to find the entry (sending a SEARCH request) then evaluate the ACL and only
then send a MODIFY request (for allowed modifications).

  Is there another flaw in this method ?

Regards,

Xavier

Prev by Date: Re: Shell backend, modify method, ACL
Next by Date: Re: SLAPD: Should access checks take place before filter matching?
Index(es):
- Chronological
- Thread