[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
authz (Re: New tool)
I've started to move a few things to new names (starting
in docs). see slapd.conf(5) in HEAD.
If we assume use of LDIF to migrate from 2.2 to 2.3,
naming the attribute by both names (new first), should
be sufficient.
config file options we can easily alias as well.
With this, HEAD is now clearly for 2.3 development.
(which is good given that we want to move "stable" to
2.2 soon).
Kurt
At 03:33 PM 4/14/2004, Pierangelo Masarati wrote:
>> At 09:26 AM 4/14/2004, Kurt D. Zeilenga wrote:
>>>I have no problem with you committing such. Might be interesting to
>>> extend the whoami test to use it. (Proxy authorization can
>>>apply without use of SASL.)
>>
>> Not sure if your rewrite changes effects the syntax of
>> saslAuthzTo/From attribute values, but if so, it would
>> good to change these attributes' names, e.g.: authzTo/From.
>
>Not directly. They just replace sasl-regexp, allowing more
>sophisticate (e.g. recursive) rules, and (should) mimic the
>existing behavior for backwards compatibility. I'll add the
>"auth-regexp" directive, aliased by "sasl-regexp" for
>compatibility.
>
>>
>> This would also reflect that they are not just for SASL.
>> (e.g., can be used to support the proxy authorization control).
>
>No problem; I note they're in the (evil) OID namespace of OpenLDAP,
>so I guess we can change their specification.
>
>p.
>
>--
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it