[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access conttrol as an overlay function


I'm planning to implement SPOCP based access control in OpenLDAP as a overlay.

The overlay will weed out not permitted operations on the way to the backend, and I also plan to let the overlay remove entries, attributes and/or attribute values from search responses comming back from the backends depending on the requestors permissions.

In that context I have been looking for a way to remove individual values from a list of values for a attribute (as well as attributes from a entry). But there doesn't seem to be a nice way to do this. The variant I have seen is that a new array is created and the attribute values that you want to keep are copied there from the old array and then afterwards you swap the new for the old and remove the old.

This seems a bit inefficient to me, so have I missed something. Are there good reason for not, as an example, move BerValues from one BerVarray to another.

-- Roland