[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: oot: the best DSA



On Thu, 20 Feb 2003, Jon Roberts wrote:
[snip]
> One more thing before I shut up: another problem with Sun's directory
> server is how they handle access control. The ACL's are affixed as
> attributes to the relevant entries. This scatters your access control
> directives all over the database.

Well, depending on your needs, that is either a problem or a feature.
Having ACLs concentrated in a single file is great if one person manages
all access control, but it makes it nearly impossible to distribute access
control authority.

[Dragging the thread somewhat ontopic]
I found OpenLDAP's ACL implementation very strange when I first looked at
it, after becoming used to seeing ACLs attached to the objects themselves
in other products.  I still think that organic ACLs are better, but then I
dislike and fear centralized authority. :-/

This discussion should move to ldap@umich.edu .

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".