[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access conttrol as an overlay function

To: OpenLDAP Commit <openldap-devel@OpenLDAP.org>
Subject: Access conttrol as an overlay function
From: Roland Hedberg <roland@catalogix.se>
Date: Thu, 01 Jul 2004 22:53:22 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113

Hi!

I'm planning to implement SPOCP based access control in OpenLDAP as a overlay.

The overlay will weed out not permitted operations on the way to the backend, and I also plan to let the overlay remove entries, attributes and/or attribute values from search responses comming back from the backends depending on the requestors permissions.

In that context I have been looking for a way to remove individual values from a list of values for a attribute (as well as attributes from a entry). But there doesn't seem to be a nice way to do this. The variant I have seen is that a new array is created and the attribute values that you want to keep are copied there from the old array and then afterwards you swap the new for the old and remove the old.

This seems a bit inefficient to me, so have I missed something. Are there good reason for not, as an example, move BerValues from one BerVarray to another.

-- Roland

Follow-Ups:
- Re: Access conttrol as an overlay function
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Next by Date: Re: Access conttrol as an overlay function
Index(es):
- Chronological
- Thread