>While we're talking about ACLs and ACIs, here's what I'd like to be
>able to do. I'd like to grant rights based on (dynamic)
>relationships between the subject and the object. Like grant access
>to my boss's secretary, or to all my brother's children. My boss
>might change, or his secretary might change, so I don't want to
>hard-code a DN. Likewise, my brother might have a new kid, I don't
>want to have to update my list (or use a group) when his object
>contains this info.
Something like:
access to dn="cn=me..." attrs=entry,title
        by dnattr=manager/secretary write
        by dnattr=brother/children read
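
The chained lookup proposed above, as an added example that is not part of the original post and is not slapd code. It assumes the proposed `a/b` syntax means "follow DN-valued attribute `a` on the target entry, then attribute `b` on each entry reached", and that the first matching `by` clause decides; the directory contents and function names are constructed for illustration.

```python
# Added illustration of the proposed "dnattr=a/b" chained lookup.
# All DNs and entries are constructed sample data.

def norm(dn):
    """Simplified DN normalisation (lowercase, no spaces around commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def resolve_chain(directory, start_dn, chain, max_hops=4):
    """Follow DN-valued attributes hop by hop; return the DNs reached."""
    hops = chain.split("/")
    if len(hops) > max_hops:
        raise ValueError("chain too long")
    current = {norm(start_dn)}
    for attr in hops:
        reached = set()
        for dn in current:
            entry = directory.get(dn, {})  # a dangling DN grants nothing
            reached.update(norm(v) for v in entry.get(attr, []))
        current = reached
    return current

def access_level(directory, target_dn, subject_dn, rules):
    """First matching 'by' clause wins; no match means no access."""
    subject = norm(subject_dn)
    for chain, level in rules:
        if subject in resolve_chain(directory, target_dn, chain):
            return level
    return "none"

ME = "cn=me,dc=example,dc=com"
RULES = [("manager/secretary", "write"), ("brother/children", "read")]

def sample_directory():
    return {
        norm(ME): {"manager": ["cn=boss,dc=example,dc=com"],
                   "brother": ["cn=bro,dc=example,dc=com"]},
        "cn=boss,dc=example,dc=com": {"secretary": ["cn=sec1,dc=example,dc=com"]},
        "cn=bro,dc=example,dc=com": {"children": ["cn=kid1,dc=example,dc=com",
                                                   "cn=kid2,dc=example,dc=com"]},
    }

if __name__ == "__main__":
    d = sample_directory()
    for who in ("cn=sec1,dc=example,dc=com", "CN=Kid2, dc=example,dc=com",
                "cn=boss,dc=example,dc=com"):
        print(who, "->", access_level(d, ME, who, RULES))
```

With a rule like this, the effective access list is whatever the `manager`, `secretary`, `brother` and `children` attributes say at evaluation time, so write access to those attributes on any entry in the chain is write access to the policy itself.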