- To: OpenLDAP Devel <openldap-devel@OpenLDAP.org>
- Subject: Test operations
- From: Sébastien Bahloul <firstname.lastname@example.org>
- Date: Fri, 19 Nov 2004 12:12:20 +0100
- Organization: Linagora
- User-agent: Mozilla Thunderbird 0.9 (Windows/20041103)
One month ago, I asked the list about integrating a new ACL model
(AACLs), which is currently in test phase, as an overlay.
Now I'm looking to write an extended operation based on the standard,
ACI or AACLs access model to allow operations testing.
The first point is about the need for such an extended operation: what's
your feeling about that? Mine is that it could be very interesting
because of the security model which is already defined in the LDAP
directory and could be reused to avoid a specification of a different
model in the applications. So administrators would have to maintain only
one model which could be shared between several applications.
(The need for a different model between the directory and the application
could be satisfied by introducing a back-ldap instance between them with
a different security model.)
Second point is about the implementation. I think the operation needs
three parameters:
- the operation (authentication, compare, search, read, modify, modify
RDN, add, delete)
- the entry DN (in creation, the first thing is to get the entry's
- a list of attributes or null (or the "entry" keyword)
And it has to return one boolean parameter (is the access allowed or
not? For write access on several attributes, access would be
allowed if and only if all attributes could be written).
Third point: does this operation need to be specified as a draft?