[Date Prev][Date Next]
Access conttrol as an overlay function
- To: OpenLDAP Commit <openldap-devel@OpenLDAP.org>
- Subject: Access conttrol as an overlay function
- From: Roland Hedberg <email@example.com>
- Date: Thu, 01 Jul 2004 22:53:22 +0200
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
I'm planning to implement SPOCP based access control in OpenLDAP as a
The overlay will weed out not permitted operations on the way to the
backend, and I also plan to let the overlay remove entries, attributes
and/or attribute values from search responses comming back from the
backends depending on the requestors permissions.
In that context I have been looking for a way to remove individual
values from a list of values for a attribute (as well as attributes from
a entry). But there doesn't seem to be a nice way to do this. The
variant I have seen is that a new array is created and the attribute
values that you want to keep are copied there from the old array and
then afterwards you swap the new for the old and remove the old.
This seems a bit inefficient to me, so have I missed something. Are
there good reason for not, as an example, move BerValues from one
BerVarray to another.