[Date Prev][Date Next]
>>>>> "Michael" == Michael Ströder <firstname.lastname@example.org> writes:
Michael> Turbo Fredriksson wrote:
>> I'm about to extend my 'product' phpQLAdmin to use ACI, but I'm
>> not sure how to check if this is availible...
Michael> From your comment I guess that phpQLAdmin enforces
Michael> access control to the user. IMHO it's a better
Michael> application design to let the user bind with his own
Michael> identity and leave the access control up to the LDAP
The LDAP server isn't "fine grained" enough. I can't seem to make
"recursive" ACL's. That is, I can't say
access to dn=".*?dc=com"
by dnattr=administrator write
by * read
and hope that the administrator value will be accessed at the
'dc=com' object whenever something below this is being accessed.
Also, I wan't to have the possibility to do 'dynamic' AC[IL]
updates. Ie, without changing slapd.conf.
Michael> Additionally note that use of attribute 'aci' is
I can live with this :) That's why I wanted to know on HOW I can
find out if the LDAP server supports this via a 'simple' query...
- From: Turbo Fredriksson <email@example.com>
- Re: ACI
- From: Michael Ströder <firstname.lastname@example.org>