Hi,

I'm just playing around with aci support in the latest OpenLDAP CVS. Therefore I read the mailing list archives as well as draft-ietf-ldapext-acl-model-0[346].txt.

Since OpenLDAP for now only supports pieces of revision 04, but I need the functionality of making attributes public, meaning giving access to anonymous users, which got introduced in revision 06, I patched the aci support a bit to allow just that. Therefore I introduced a <dnType> of "public", which ignores the <subjectDN> and just grants whatever right is given by <rights>.

So I just want to commit what I've done and hear the gurus' opinion if there's any oversight or complete misunderstanding which opens security holes.

In which direction is aci support going to be developed anyway? Will future drafts or an RFC get implemented, or is OpenLDAP going to provide its own syntax? Is development done at all?

Thanks for your great work so far!

--
bye, Michael
Attachment:
openldap-20000902-aci.patch
Description: Binary data