[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: authzTO/authzFrom, OpenLDAPaci X-ORDERED?
> Pierangelo Masarati wrote:
>> I think we should add the "X-ORDERED 'VALUES'" exension to
>> authzTo/authzFrom; we could also use that instead of the OID to
>> maintain OpenLDAPaci ordered (or just leave the OID in place but
>> ignore it, as much as it occurs in current code). I'm currently
>> working at ITS#3877 & 3921, and could take care of this in the
>> meanwhile. I understand this would be a bit intrusive, so better do
>> it in the early stage of a new minor. Comments?
>>
> re: authzTo/From - Sounds good to me. re: OpenLDAPaci - yeah, I think
> it would be an improvement, not sure if people are relying on its
> current format.
Someone is using it: we get feedback, patches and so. I think the real
plus of ACIs is their cross-vendor replicability. Since this does not
exist, there's little need for them with 2.3, and breaking the syntax even
disallows replicability across versions of OpenLDAP. That's why I do
hesitate. On the other hand, I think adding normalization (an extension
to ITS#3921 patch I've prepared) and, significantly, the "X-ORDERED
'VALUES'" exension, would ease the implementation of management tools.
Maybe I'll better fork yet another OpenLDAPaci attribute and support both,
so that cross-version ACI replication will be possible for a while.
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497