[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACIs and OL 2.3, rfc ?

To: openldap-software@openldap.org
Subject: Re: ACIs and OL 2.3, rfc ?
From: Ralf Haferkamp <rhafer@suse.de>
Date: Wed, 14 Feb 2007 13:41:37 +0100
Content-disposition: inline
In-reply-to: <Pine.LNX.4.64.0702141207520.2517@kehillah.jewish.org.pl>
References: <87sldb8dju.fsf@pumba.bayour.com> <Pine.LNX.4.64.0702141207520.2517@kehillah.jewish.org.pl>
User-agent: KMail/1.9.5

On Wednesday 14 February 2007 12:10, Piotr Wadas wrote:
> Regarding "broken ACI concept" - does any rfc
> speaks something about concept of dynamically assigned priviledges
> to ldap directory entries? Or does it recommend avoiding
> such policies?
To my knowledge there is no RFC on this topic. There are (or rather were) 
however some internet drafts that talk about LDAP Access Control Models. The 
current ACI implementation in OpenLDAP is AFAIK to some extend similar (but 
only to some extend) to what is described in 
draft-ietf-ldapext-acl-model-xx.txt.

Another Access Control Model is described in draft-legg-ldap-acm-bac-xx.txt, 
which is an adaption of the X.500 Basic Access Control and Simple Access 
Control scheme to LDAP.

Note, however that both drafts expired already some time ago.

-- 
Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com

References:
- ACIs and OL 2.3
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: ACIs and OL 2.3, rfc ?
  - From: Piotr Wadas <pwadas@jewish.org.pl>

Prev by Date: Re: slapcat hangs without error message
Next by Date: Re: slapcat hangs without error message
Index(es):
- Chronological
- Thread