
Test operations


One month ago, I asked the list about integrating a new ACL model (AACLs), which is currently in test phase, as an overlay.

Now I'm looking to write an extended operation based on the standard, ACI or AACLs access model to allow operations testing.

The first point is about the need for such an extended operation: what's your feeling about that? Mine is that it could be very interesting, because the security model which is already defined in the LDAP directory could be reused to avoid the specification of a different model in the applications. So administrators would have to maintain only one model, which could be shared between several applications.
(The need for a different model between the directory and the application could be satisfied by introducing a back-ldap instance between them with a different security model.)

Second point is about the implementation. I think the operation needs three parameters:
- the operation (authentication, compare, search, read, modify, modify RDN, add, delete)
- the entry DN (in creation, the first thing is to get the entry's father DN)
- a list of attributes or null (or the "entry" keyword)
And it has to return one boolean parameter (is the access allowed or not? For write access on several attributes, access would be allowed if and only if all attributes could be written).

Third point: does this operation need to be specified as a draft?
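
The semantics proposed in the second point, sketched as an added example that is not part of the original message and not OpenLDAP code. The rule table, the DNs, the `check_access` name and the mapping from operations to access levels are all assumptions made for illustration.

```python
import re

# A subset of OpenLDAP's access levels, in order; the operation mapping is an assumption.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
NEEDED = {"authentication": "auth", "compare": "compare", "search": "search",
          "read": "read", "modify": "write", "modify RDN": "write",
          "add": "write", "delete": "write"}

APP = "uid=app,ou=services,dc=example,dc=com"   # constructed client identity
PEOPLE = "ou=people,dc=example,dc=com"          # constructed subtree

# Constructed rules, first match wins: (who, subtree base, attribute, level).
RULES = [
    (APP, PEOPLE, "userPassword", "auth"),
    (APP, PEOPLE, "mail", "write"),
    (APP, PEOPLE, "telephoneNumber", "write"),
    (APP, PEOPLE, "entry", "write"),
    ("*", "dc=example,dc=com", "*", "read"),
]

def parent_dn(dn):
    """Drop the leftmost RDN, skipping backslash-escaped commas."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""

def in_subtree(dn, base):
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def granted(who, dn, attr):
    """Level given by the first rule matching identity, entry and attribute."""
    for rule_who, base, rule_attr, level in RULES:
        if (rule_who in ("*", who) and in_subtree(dn, base)
                and rule_attr in ("*", attr)):
            return level
    return "none"

def check_access(who, operation, dn, attrs=None):
    """Return one boolean: True only if every listed attribute is allowed."""
    need = LEVELS.index(NEEDED[operation])
    # On creation the entry does not exist yet, so evaluate on its parent.
    target = parent_dn(dn) if operation == "add" else dn
    names = attrs or ["entry"]          # null attribute list -> "entry" keyword
    return all(LEVELS.index(granted(who, target, a)) >= need for a in names)

if __name__ == "__main__":
    jdoe = "uid=jdoe," + PEOPLE
    print(check_access(APP, "modify", jdoe, ["mail", "telephoneNumber"]))
    print(check_access(APP, "modify", jdoe, ["mail", "userPassword"]))
    print(check_access(APP, "add", "uid=new," + PEOPLE))
```

The single boolean deliberately hides which attribute caused a refusal, so a caller that needs that detail has to test attributes one at a time.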