[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3472) return code should be 32 when no access to object

Pierangelo Masarati writes:
>To: "Hallvard B Furuseth" <h.b.furuseth@usit.uio.no>
>> Maybe a slapd.conf statement
>>   access default <disclose/none/read/...>
>> Without this statement, the default would be 'disclose' for the time
>> being, to be changed to 'none' later.  However, insert 'access default
>> none' in the distributed slapd.conf, and maybe make slapd warn if a
>> database has neither 'access to * by * ...' nor 'access default ...'.
> I think your suggestions make a lot of sense;

I don't, anymore:-( Though I still think such a statement would be
useful.  Or is above just a shorthand for having 'access to * by *
disclose break' at the top?

Anyway, I forgot about statements that name the 'none' access level
explicitly.  The above plan would give two transitions instead of one:
One when people started to use 'access default none' or whatever, and
another when the 'none' level is changed to actually mean 'none'.

It would work to instead have a statement which specifies whether 'none'
actually means 'none' or 'disclose'.  But that seems confusing, and I
can't see any benefit except in the transition phase.

OTOH, a similar database-specific statement which means the server _may_
treat 'none' as 'disclose' would be useful, since I believe it would
allow various optimizations - at least in some backends.