[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: oot: the best DSA

To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
Subject: Re: oot: the best DSA
From: "Mark H. Wood" <mwood@IUPUI.Edu>
Date: Fri, 21 Feb 2003 09:07:29 -0500 (EST)
In-reply-to: <3E550E42.7050009@mentata.com>

On Thu, 20 Feb 2003, Jon Roberts wrote:
[snip]
> One more thing before I shut up: another problem with Sun's directory
> server is how they handle access control. The ACL's are affixed as
> attributes to the relevant entries. This scatters your access control
> directives all over the database.

Well, depending on your needs, that is either a problem or a feature.
Having ACLs concentrated in a single file is great if one person manages
all access control, but it makes it nearly impossible to distribute access
control authority.

[Dragging the thread somewhat ontopic]
I found OpenLDAP's ACL implementation very strange when I first looked at
it, after becoming used to seeing ACLs attached to the objects themselves
in other products.  I still think that organic ACLs are better, but then I
dislike and fear centralized authority. :-/

This discussion should move to ldap@umich.edu .

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".

References:
- Re: oot: the best DSA
  - From: Jon Roberts <jon@mentata.com>

Prev by Date: Re: Openldap crashes on GSSAPI authentication
Next by Date: Re: SASL Bind vs. PHP Bind
Index(es):
- Chronological
- Thread