[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)

To: openldap-devel@OpenLDAP.org
Subject: Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
From: Howard Chu <hyc@symas.com>
Date: Sat, 02 Apr 2005 13:59:12 -0800
Cc: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, Pierangelo Masarati <ando@sys-net.it>
In-reply-to: <424F14B9.9050306@symas.com>
References: <200504020834.j328Y8WM008484@boole.openldap.org> <424E9AE0.2090203@sys-net.it> <6.2.1.2.0.20050402080426.072eef80@mail.openldap.org> <424ECED5.6010309@sys-net.it> <6.2.1.2.0.20050402090705.0278b3b8@mail.openldap.org> <424F14B9.9050306@symas.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050401

Howard Chu wrote:

Yes... Although since our current "by dn=X" clause is already the effective DN I would leave that unchanged, and just add "realdn" thus access to X by dn=Y realdn=Z

with the realDN ignored if not specified (and so equivalent to current behavior).


Though for consistency's sake, we may want to use
   by authzDN=Y authcDN=Z

and make "dn=Y" an alias for authzDN=Y for migration...

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

References:
- More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
Next by Date: Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
Index(es):
- Chronological
- Thread