[Date Prev][Date Next] [Chronological] [Thread] [Top]


I'm considering the opportunity to move the search limits
selection/interpretation to the frontend, so they are
consistently used by all backends.  As such, the selected
structure with the appropriate limits, and their
interpretation in terms of usual search limits, should
be added to the req_search_s structure.

Moreover, I was considering the possibility to exploit
the limits infrastructure to set identity based limitations
to other operations, to provide a higher (and earlier)
selection of access in cooperation with ACLs.  E.g.:
limit write operations before the backend's function is
even called, or limit the possibility to use some control
(for proxyAuthz we already have the saslAuthz{To|From}
method, for paged results we already have some specific
limits on the size of the page and so, but the approach
could be of general use.  We could also think to create
something analogous to ACIs, e.g. limits inside the data
(maybe the idea is not new, and I'm reinventing the wheel;
in case, forgive me).


Dr. Pierangelo Masarati         mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c.   http://www.sys-net.it

   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497