[Date Prev][Date Next] [Chronological] [Thread] [Top]

Session tracking control

To: "OpenLDAP-devel@openldap.org" <OpenLDAP-devel@openldap.org>
Subject: Session tracking control
From: Howard Chu <hyc@symas.com>
Date: Tue, 5 Nov 2019 10:30:04 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53

It looks like we currently parse this control, but only to allow logging its contents, and nothing more.
Seems like it would be useful to carry the parsed info along with the o_authz struct, and make it usable
in the ACL engine. This would allow setting ACLs that can distinguish between different applications acting
on behalf of a given user (or service).

Any security downside to this?
-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Session tracking control
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: 2.4 commit review
Next by Date: Re: Session tracking control
Index(es):
- Chronological
- Thread