[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authzTO/authzFrom, OpenLDAPaci X-ORDERED?

> Pierangelo Masarati wrote:
>> I think we should add the "X-ORDERED 'VALUES'" exension to
>> authzTo/authzFrom; we could also use that instead of the OID to
>> maintain OpenLDAPaci ordered (or just leave the OID in place but
>> ignore it, as much as it occurs in current code).  I'm currently
>> working at ITS#3877 & 3921, and could take care of this in the
>> meanwhile.  I understand this would be a bit intrusive, so better do
>> it in the early stage of a new minor.  Comments?
> re: authzTo/From - Sounds good to me.  re: OpenLDAPaci - yeah, I think
> it would be an improvement, not sure if people are relying on its
> current format.

Someone is using it: we get feedback, patches and so.  I think the real
plus of ACIs is their cross-vendor replicability.  Since this does not
exist, there's little need for them with 2.3, and breaking the syntax even
disallows replicability across versions of OpenLDAP.  That's why I do
hesitate.  On the other hand, I think adding normalization (an extension
to ITS#3921 patch I've prepared) and, significantly, the "X-ORDERED
'VALUES'" exension, would ease the implementation of management tools.

Maybe I'll better fork yet another OpenLDAPaci attribute and support both,
so that cross-version ACI replication will be possible for a while.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497