[Date Prev][Date Next]
I've seen a few notes about group membership being specified recursively in
the archives (about a year ago). Someone evidently submitted a patch, but it
was never added to the production line?
I'm interested in what the thinking is on this notion.
What I want to do is essentially define groups such as:
In this case (obviously) the goal is to rationalize ACL definitions: One ACL
per protected attribute, and the engine can traverse the groups. But the
applications are myriad. Here's just a teense.
member: cn=Electronic Sales
member: cn=Direct Marketing
member: cn=Park Muggers
There's all kinds of set math which could be done once, intelligently, in the
server, and which would save many people implmenting it badly, repeatedly, in
- Allen S. Rout