[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)

To: openldap-its@OpenLDAP.org
Subject: Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)
From: ando@sys-net.it
Date: Tue, 20 Apr 2004 17:19:57 GMT

> I wouldn't have much problem with slapd only applying
> global ACLs to entries outside of contexts IF
> global ACLs were specified.  But if no global ACLs were
> specified, then first database ACLs should be applied.
>
> This give you your shortcut without, I hope, breaking
> deployments which rely on the existing behavior.

Sure.  I just committed a(n experimental) test to access
rules at parse time, that tries to guess if access rules
are acting strictly within the naming context of a backend
or are totally invalid or match more than the naming context
and so.  It only issues warnings, and is protected behind
#ifdef LDAP_DEVEL; it's not intended for release, but as
"food for thoughts" on how I mean access scoping.  Feel free
to wipe it out any time.

Ando.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

Prev by Date: Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)
Next by Date: JLDAP DSMLWriter replacing special characters (ITS#3102)
Index(es):
- Chronological
- Thread