[Date Prev][Date Next] [Chronological] [Thread] [Top]

New ACL model and test operations

To: openldap-devel@OpenLDAP.org
Subject: New ACL model and test operations
From: Sébastien Bahloul <bahloul@linagora.com>
Date: Thu, 21 Oct 2004 01:17:15 +0200
User-agent: Mozilla Thunderbird 0.8 (X11/20040918)

Hello,

First point : I am looking to integrate a new ACL model in OpenLDAP.

The main idea of this model is that relationship between entries is the main key of authorizing to search or modify entries. So i thought of a relation oriented ACL model. It has not be concepted to replace ACL or ACI, but to fill the gap between ACL and ACI !

The choice to use entries to store these new ACL may also be reused : by using LDAP entries, ACL are synchronized between master and slaves.

I give a first try (which is located at Sourceforge - aacls.sourceforge.net) which is now in beta stage. It has been designed as a backend but i don't think now that this was the good choice.

So i want to know if it could be interesting to rewrite and integrate it in OpenLDAP.

The second point is about test operations : the main idea is, if the directory is able to know when authenticated users are authorized to write on a attribute, to create or to delete an entry, administration interfaces could use these information to generate pages. So what do you think about implementing a LDAP extended operation which can test a particular right (i.e. right to modify the attribute of a special entry, depending of the authenticated user) ?

(the test write operation is also part of the first try publicated on SourceForge)

Best regards,

Sebastien.

Follow-Ups:
- Re: New ACL model and test operations
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: substring filter/index algorithms
Next by Date: Re: New ACL model and test operations
Index(es):
- Chronological
- Thread