Re: (ITS#6198) Authorization for extensions
hyc@OpenLDAP.org wrote:
> Full_Name: Howard Chu
> Version: HEAD/2.5
> OS:
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (76.91.220.157)
> Submitted by: hyc
>
>
> The access control mechanism needs to be extended to control actions, not just
> objects, to control who may use various LDAP Controls and Extended Operations.
+1
> E.g.
> access to control=<oid> by <who>
> access to op=<operation or oid> by <who>
                ^^^^^^^^^
What is "operation" supposed to be? I'd prefer only to allow "oid" since
OIDs are the only identifiers clearly specified in RFCs and I-Ds.
Ciao, Michael.