At 03:08 AM 2002-09-06, Howard Chu wrote:
From: Apurva Kumar [mailto:kapurva@in.ibm.com]
LDAP proxy cache docs in HTML.
Thanks. It's a fascinating idea. The effect of ACLs on cached results isn't
considered though; I guess you assume that all clients of the proxy will have
equal privileges on the remote server. (That's a fair enough assumption for
many scenarios, it just needs to be stated.)
You should be able to apply per-user ACLs on information
held in the cache, but use another identity in obtaining
information for the cache.
That is, caching aside, back-ldap should be able to obtain
information using a common identity but return it only if
it matches per-user ACLs.