[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)

Howard Chu wrote:

Yes... Although since our current "by dn=X" clause is already the effective DN I would leave that unchanged, and just add "realdn" thus
access to X by dn=Y realdn=Z

with the realDN ignored if not specified (and so equivalent to current behavior).

Though for consistency's sake, we may want to use by authzDN=Y authcDN=Z

and make "dn=Y" an alias for authzDN=Y for migration...

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support