
about frequently used ACLs



A frequent use of ACL is in the form:

"allow access to entries that reside
in a subtree (or exactly one level
below a subtree) and whose RDN is
made of a single AVA, with a given
attributeType."

It's not easy to generate effective
regexps for this case, and there are
more efficient means to handle this
case.

So I suggest a DN style modifier that
states something like this:

"access to DN below some subtree (with
one, subtree or children granularity)
whose [at least one] RDN attributeType
is <attr>", where "at least one" is
optional.

Something like:

dn.{onelevel,subtree,children},ava[,multivalued] \
        =<attr>;<pattern>

The same could apply to the <who> clause.

Comments?

Ando.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
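
The matching rule proposed in the message above can be evaluated on parsed RDNs rather than with a regular expression. The following Python sketch is an added example, not part of the original message and not OpenLDAP code. The function names are hypothetical, `<pattern>` is assumed to be the base DN, and "at least one" is assumed to mean that some AVA of a multi-valued leftmost RDN has the given attributeType.

```python
# Added illustration, not OpenLDAP code; function names are hypothetical.
# Simplifications: backslash escapes only, values compared case-insensitively.

def split_unescaped(s, sep):
    """Split s on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i]
        i += 1
    parts.append(cur)
    return parts

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a sorted list of (type, value)."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = []
        for ava in split_unescaped(rdn, "+"):
            attr, _, value = ava.partition("=")
            avas.append((attr.strip().lower(), value.lower()))
        rdns.append(sorted(avas))
    return rdns

SCOPES = {"onelevel": lambda d: d == 1,   # exactly one level below base
          "subtree": lambda d: d >= 0,    # base itself and everything below
          "children": lambda d: d >= 1}   # everything below, base excluded

def ava_match(dn, base, attr, scope="onelevel", multivalued=False):
    """True if dn is within scope of base and its leftmost RDN uses attr."""
    target, suffix = parse_dn(dn), parse_dn(base)
    depth = len(target) - len(suffix)
    if depth < 0 or target[depth:] != suffix or not SCOPES[scope](depth):
        return False
    types = [t for t, _ in target[0]]
    if multivalued:                    # at least one AVA has this type
        return attr.lower() in types
    return types == [attr.lower()]     # RDN is exactly one AVA of this type

BASE = "ou=people,dc=example,dc=com"   # constructed sample data
if __name__ == "__main__":
    for dn in ("uid=ando," + BASE, "cn=x\\,uid=ando," + BASE,
               "uid=ando+cn=Ando," + BASE, "uid=a,ou=x," + BASE):
        print(dn, ava_match(dn, BASE, "uid"))
```

The second sample DN has a `cn` value containing an escaped comma followed by `uid=ando`, which is the kind of input a regex written against the string form of the DN can accept by mistake.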