[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: about frequently used ACLs

Sounds like you are trying to implement a name form/
structure rule requirement using an access control...
I'd think it might be better to instead implement
DIT structure rules and name forms


At 11:55 PM 2/17/2004, Pierangelo Masarati wrote:
>A frequent use of ACL is in the form:
>"allow access to entries that reside
>in a subtree (or exactly one level
>below a subtree) and whose RDN is
>made of a single AVA, with a given
>It's not easy to generate effective
>regexps for this case, and there are
>more efficient means to handle this
>So I suggest a DN style modifier that
>states something like this:
>"access to DN below some subtree (with
>one, subtree or children granularity)
>whose [at least one] RDN attributeType
>is <attr>, where "at least one" is
>Something like:
>dn.{onelevel,subtree,children},ava[,multivalued] \
>        =<attr>;<pattern>
>the same could apply to the <who> clause.
>Pierangelo Masarati