[Date Prev][Date Next]
Re: EXTERNAL and ldapi://
"Kurt D. Zeilenga" wrote:
> At 10:17 AM 2002-01-28, Pierangelo Masarati wrote:
> >"Kurt D. Zeilenga" wrote:
> >> BTW, it would be interesting to create an LDAP
> >> authorization association based upon the Unix
> >> domain credential via getsockopt SCM_CREDENTIALS
> >> (and like mechanisms) and SASL EXTERNAL....
> >Interesting idea, although, quoting the linux documentation project
> > SCM_CREDENTIALS and the abstract namespace were introduced
> > with Linux 2.2 and should not be used in portable pro
> > grams.
> #ifdef SCM_CREDENTIALS /* :-) */
> I note that the idea might be interesting enough to implement
> in HEAD, but not interesting enough to be released. I have
> no problem with experimenting with interesting ideas in HEAD
> (as long as experiments don't get in the way of other things).
Of course. I implemented the chmod stuff in ldapi URLs; it works
slapd -h "ldapi://%2Ftmp%2Fldap.sock/????x-mod=-w--w----"
As soon as all that really matters is write permission,
I'll probably turn it into
extension = ["!"] extype ["=" exvalue]
extype = xtoken
exvalue = mode mode mode
xtoken = "x-mod"
mode = "w" / "-"
I also honor the critical flag "!" by ignoring a failure of chmod()
if it is not set (which is questionable, indeed); the default, e.g.
ldapi://[path] implies critical chmod(700).
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano |
via La Masa 34, 20156 Milano, Italy |