[Date Prev][Date Next] [Chronological] [Thread] [Top]


>>>>> "Michael" == Michael Ströder <michael@stroeder.com> writes:

    Michael> Turbo Fredriksson wrote:
    >> I'm about to extend my 'product' phpQLAdmin to use ACI, but I'm
    >> not sure how to check if this is availible...

    Michael>  From your comment I guess that phpQLAdmin enforces
    Michael> access control to the user. IMHO it's a better
    Michael> application design to let the user bind with his own
    Michael> identity and leave the access control up to the LDAP
    Michael> server.

The LDAP server isn't "fine grained" enough. I can't seem to make
"recursive" ACL's. That is, I can't say

        access to dn=".*?dc=com"
                by dnattr=administrator write
                by * read

and hope that the administrator value will be accessed at the
'dc=com' object whenever something below this is being accessed.

Also, I wan't to have the possibility to do 'dynamic' AC[IL]
updates. Ie, without changing slapd.conf.

    Michael> Additionally note that use of attribute 'aci' is
    Michael> vendor-specific.

I can live with this :) That's why I wanted to know on HOW I can
find out if the LDAP server supports this via a 'simple' query...