[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3625) [enhancement] per-operation ACLs
What about modify operations which add entries, or
add operations that modify existing entries, or
delete operations that do searches, or searches
that do deletes?
Is it the LDAP op code that matters here? or the
underlying DIT operation? I think the latter.
Maybe it would make more sense to divide "w"
into different kinds of writes?
Kurt
At 12:16 PM 4/1/2005, ando@sys-net.it wrote:
>ando@sys-net.it wrote:
>
>>I'll prepare a prototype in a moment.
>>
>>
>The patch is @
><ftp://ftp.openldap.org/incoming/pierangelo.masarati.per-op-acl-2005-04-01.patch>
>
>Syntax:
>
>access to [...] op=[!]<oplist>
> by ...
>where <oplist> is a comma-separated list of "compare", "search" (same as
>"read"), "add", "delete", "modify", "rename" (same as "write"), "bind",
>"extended". I haven't considered "unbind" and "abandon", because they
>seem to make little sense, nor specialized "extended" to the known ops
>because this is just to get the feeling.
>
>Please comment.
>
>Ciao, p.
>
>
> SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497