[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: about frequently used ACLs
Sounds like you are trying to implement a name form/
structure rule requirement using an access control...
I'd think it might be better to instead implement
DIT structure rules and name forms
(draft-ietf-ldapbis-models/X.501).
Kurt
At 11:55 PM 2/17/2004, Pierangelo Masarati wrote:
>A frequent use of ACL is in the form:
>
>"allow access to entries that reside
>in a subtree (or exactly one level
>below a subtree) and whose RDN is
>made of a single AVA, with a given
>attributeType."
>
>It's not easy to generate effective
>regexps for this case, and there are
>more efficient means to handle this
>case.
>
>So I suggest a DN style modifier that
>states something like this:
>
>"access to DN below some subtree (with
>one, subtree or children granularity)
>whose [at least one] RDN attributeType
>is <attr>, where "at least one" is
>optional.
>
>Something like:
>
>dn.{onelevel,subtree,children},ava[,multivalued] \
> =<attr>;<pattern>
>
>the same could apply to the <who> clause.
>
>Comments?
>
>Ando.
>
>--
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it