
Re: EXTERNAL and ldapi://



"Kurt D. Zeilenga" wrote:
> 
> At 10:17 AM 2002-01-28, Pierangelo Masarati wrote:
> >"Kurt D. Zeilenga" wrote:
> >> BTW, it would be interesting to create an LDAP
> >> authorization association based upon the Unix
> >> domain credential via getsockopt SCM_CREDENTIALS
> >> (and like mechanisms) and SASL EXTERNAL....
> >
> >Interesting idea, although, quoting the linux documentation project
> >(e.g.
> >http://www.linuxvalley.it/encyclopedia/ldp/manpage/man7/unix.7.php):
> >
> >        SCM_CREDENTIALS and the abstract namespace were introduced
> >        with Linux 2.2 and should not be used in portable programs.
> 
> #ifdef SCM_CREDENTIALS /* :-) */
> 
> I note that the idea might be interesting enough to implement
> in HEAD, but not interesting enough to be released.  I have
> no problem with experimenting with interesting ideas in HEAD
> (as long as experiments don't get in the way of other things).

Of course.  I implemented the chmod stuff in ldapi URLs; it works
as 

slapd -h "ldapi://%2Ftmp%2Fldap.sock/????x-mod=-w--w----"

As soon as all that really matters is write permission, 
I'll probably turn it into 

	extension  = ["!"] extype ["=" exvalue]
	extype     = xtoken
	exvalue    = mode mode mode
	xtoken     = "x-mod"
	mode       = "w" / "-"

I also honor the critical flag "!" by ignoring a failure of chmod()
if it is not set (which is questionable, indeed); the default, e.g.
ldapi://[path] implies critical chmod(700).

Ando

-- 
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:pierangelo.masarati@polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati
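
The x-mod grammar and critical-flag behaviour proposed in the message above, as an added C example that is not part of the original post and is not OpenLDAP source. The names `struct xmod`, `xmod_parse` and `xmod_apply` are hypothetical, and the example assumes that the three mode characters map to the owner, group and other write bits in that order and that a bare `x-mod` keeps the default mode.

```c
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

struct xmod {                /* hypothetical type, not from OpenLDAP */
    mode_t mode;             /* permission bits to chmod() the socket to */
    int critical;            /* nonzero: a chmod() failure is fatal */
};

/* Parse one extension: ["!"] "x-mod" ["=" mode mode mode], mode = "w" / "-".
 * ext == NULL means the URL had no extension: critical chmod(700).
 * Returns 0 on success, -1 on malformed input (*out is then unspecified). */
int xmod_parse(const char *ext, struct xmod *out)
{
    /* Assumed position order: owner, group, other. */
    static const mode_t wbit[3] = { S_IWUSR, S_IWGRP, S_IWOTH };

    out->mode = S_IRWXU;
    out->critical = 1;
    if (ext == NULL)
        return 0;
    out->critical = (*ext == '!');
    if (out->critical)
        ext++;
    if (strncmp(ext, "x-mod", 5) != 0)
        return -1;
    ext += 5;
    if (*ext == '\0')
        return 0;            /* assumption: bare x-mod keeps mode 0700 */
    if (*ext++ != '=' || strlen(ext) != 3)
        return -1;
    out->mode = 0;
    for (int i = 0; i < 3; i++) {
        if (ext[i] == 'w')
            out->mode |= wbit[i];
        else if (ext[i] != '-')
            return -1;       /* only "w" and "-" are valid mode characters */
    }
    return 0;
}

/* chmod() the socket; a failure is reported only when the flag is critical. */
int xmod_apply(const char *path, const struct xmod *x)
{
    if (chmod(path, x->mode) == 0)
        return 0;
    return x->critical ? -1 : 0;
}
```

With a non-critical extension, a failed chmod() leaves the socket with whatever mode bind() and the process umask produced, so the listener can end up more open than the URL requests.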