Re: Considering Attribute Subtypes during ACL evaluation
At 07:39 AM 9/30/00 -0700, Prasanta Behera wrote:
>Currently the Netscape/iPlanet DS ACL supports an attribute inheritance of subtypes e.g. if you allow access to
>"cn", it automatically means { cn, cn;* }
>
>However, it is much harder to map "name" to "cn, sn".

I would say that's server dependent. If your server has schema-aware
ACL evaluation (which I dare say is a must if you intend
to handle alternative naming of attribute types), then handling
subtyping is no big deal.

Of course, subtyping in LDAP is completely optional. I would
argue that subtyping within ACLs should likewise be optional.
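
An added example, not part of the original message or of any directory server's code: a minimal schema-aware check of whether an ACL naming one attribute applies to a requested attribute description, covering options ("cn" vs. "cn;lang-en"), alternative names, and supertypes ("name" vs. "cn", "sn"). The mini-schema, the function names and the `subtyping` switch are assumptions made for illustration.

```python
# Constructed mini-schema: canonical type -> (alternative names, supertype).
SCHEMA = {
    "name": ((), None),
    "cn": (("commonname",), "name"),
    "sn": (("surname",), "name"),
    "mail": (("rfc822mailbox",), None),
}
ALIASES = {alias: t for t, (names, _) in SCHEMA.items() for alias in names}


def parse(description):
    """Split 'CN;lang-en' into canonical type 'cn' and option set {'lang-en'}."""
    base, *options = description.lower().split(";")
    return ALIASES.get(base, base), frozenset(options)


def is_subtype(attr_type, ancestor):
    """True if attr_type equals ancestor or derives from it via supertype links."""
    while attr_type is not None:
        if attr_type == ancestor:
            return True
        # Types missing from the schema have no supertype, so they match only themselves.
        attr_type = SCHEMA.get(attr_type, ((), None))[1]
    return False


def acl_covers(acl_attr, requested, subtyping=True):
    """Does an ACL naming acl_attr apply to the requested attribute description?"""
    acl_type, acl_opts = parse(acl_attr)
    req_type, req_opts = parse(requested)
    # "cn" covers "cn;lang-en", but "cn;lang-en" does not cover plain "cn".
    if not acl_opts <= req_opts:
        return False
    if subtyping:
        return is_subtype(req_type, acl_type)
    # Subtyping switched off: only the same type (under any of its names) matches.
    return req_type == acl_type
```

With `subtyping=False` an ACL on "name" no longer reaches "cn" or "sn", while alternative names and options are still resolved.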