[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-config again

To: Howard Chu <hyc@highlandsun.com>
Subject: Re: back-config again
From: Michael Ströder <michael@stroeder.com>
Date: Mon, 29 Mar 2004 09:13:23 +0200
Cc: "'Quanah Gibson-Mount'" <quanah@stanford.edu>, openldap-devel@OpenLDAP.org
In-reply-to: <01cf01c4154b$fc28cf80$0e01a8c0@CELLO>
References: <01cf01c4154b$fc28cf80$0e01a8c0@CELLO>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113

Howard Chu wrote:


I see your point, but just because ACLs can be quite fluid doesn't make them
inherently different from the other configuration items.
[..]
Of course, if you're going to duplicate the DIT's hierarchical layout anyway,
you might as well just merge the ACLs into the DIT itself. Oh wait, that's an
ACI. Hm, what does *that* mean, I wonder....

Yes, the ACI approach comes to mind. If ACLs are very fluid ACIs are the better choice anyway since they closely tie access control to the directory data itself.

Ciao, Michael.

References:
- RE: back-config again
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: back-config again
Next by Date: Re: back-config again
Index(es):
- Chronological
- Thread