[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: no more direct support ACIs?

On Fri, 2005-12-09 at 14:43 +0100, Pierangelo Masarati wrote:
> I'd remove direct ACI support from the next 2.3 release, moving
> SLAP_DYNACL from #ifdef LDAP_DEVEL to configure, with a --enable-dynacl
> switch.  The --enabe-aci would remain, and it would imply --enable-
> dynacl.  The old syntax would be supported, but undocumented, and only
> the new one, by way of dynacl, would be advertised.
> This way, nothing would change for current regular users of ACIs (except
> perhaps for a warning when configuring with the old syntax), but at
> least new users would have to go thru the new interface.  Next step will
> be to remove them from static build, an move to contrib as a dynamic
> module.
> Comments (like, keep it for 2.4 :) ?

I've posted a FAQ entry
<http://www.openldap.org/faq/data/cache/1284.html> that discusses access
control customization, from sets to ACIs to dynacl.

Let me stress that, as I wrote in the initial message, ACIs will remain
part of slapd; only, they have already been factored out of access
control code, and they likely will move into a run-time loaded module,
but the original functionality will be fully preserved.


Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it