[Date Prev][Date Next] [Chronological] [Thread] [Top]

dynamic ACLs

Hello all.  I'm new to the OpenLDAP list (subscribed today) and new to LDAP
in general.  I'm currently involved in projects that require the
implementation of a directory service.  After doing massive amounts of
reading I believe I have a half-way decent idea of what LDAP is and more
importantly how it can and will fit into the projects that we (my employer)
are involved in.  After much web-surfing/research I have concluded that
OpenLDAP is my best option for satisfying our directory requirements.  The
primary reason for OpenLDAP's selection is it has the best price/performance
(its free and stable) ratio of any LDAP implementation that I researched.
That being said, there is one major shortcoming that I found in OpenLDAP
that directly affects our directory service; you cannot do on the fly ACL
additions or modifications.  As part of my research I dug into LDAP.org's
mailing list archives.  What I couldn't find in the archives was any
concrete direction regarding implementing a more dynamic ACL architecture.
Unfortunately, I'm not a C programmer (I do Java) so I'm unable to
contribute via C code.  It seems that if I, or anyone for that matter, want
dynamic ACL in OpenLDAP, it will have to happen at the application level
instead of in OpenLDAP.
Due to the needs of an extranet application I'm involved in dynamic ACL is a
must.  I'm currently thinking about creating a lightweight Java library that
I will be able to drop into any -java-application that need dynamic ACL
capability.  This brings me to the core reason for posting this message, I
would like to know if there are other java developers on this list who need
the same or similar functionality and would like to _informally_ participate
in developing such a library?  Please note the emphasis on informal.  I have
no interest in incurring the overhead of a full-blown project for two
reasons (1) I don't have the time because my hands are full and (2) I don't
think the solution requires it.  If no one is interested that is fine with
me but at a minimum I hope to inspire discussion on how to satisfy the need
for dynamic ACL capability in OpenLDAP.

Thanx for reading :-)

Dane Foster
Equity Technology Group, Inc