[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACIs and OL 2.3, rfc ?

On Wednesday 14 February 2007 12:10, Piotr Wadas wrote:
> Regarding "broken ACI concept" - does any rfc
> speaks something about concept of dynamically assigned priviledges
> to ldap directory entries? Or does it recommend avoiding
> such policies?
To my knowledge there is no RFC on this topic. There are (or rather were) 
however some internet drafts that talk about LDAP Access Control Models. The 
current ACI implementation in OpenLDAP is AFAIK to some extend similar (but 
only to some extend) to what is described in 

Another Access Control Model is described in draft-legg-ldap-acm-bac-xx.txt, 
which is an adaption of the X.500 Basic Access Control and Simple Access 
Control scheme to LDAP.

Note, however that both drafts expired already some time ago.

Ralf Haferkamp
SUSE LINUX Products GmbH, Maxfeldstrasse 5, D-90409 Nuernberg
T: +49-911-74053-0
F: +49-911-74053575 - Ralf.Haferkamp@suse.com