Format of ACL (feature request)

[Ace Suares <ace@suares.nl>]

Hi,

Just a loose thought or two

It seems the format of ther ACL's is rather restrictive. As far as I noticed, 
the follwing stuff happens:


EXAMPLE 1:

access to *
by * none

ERROR 1:
/etc/ldap/qwidoACL/qwido.acl.global: line 300: warning: no by clause(s) 
specified in access line
/etc/ldap/qwidoACL/qwido.acl.global: line 301: unknown directive "by" outside 
backend info and database definitions (ignored)

EXAMPLE 2
access to *
# comment
[tab]by * none

ERROR 2:
/etc/ldap/qwidoACL/qwido.acl.global: line 300: warning: no by clause(s) 
specified in access lines

EXAMPLE 3
[tab]access to *
[tab][tab]by * none

ERROR 3:
No error message, but the entire ACL is ignored.

These examples show that it becomes really difficult to indent the ACL's in 
such a way that they are better readable, or insert comments between ACL's 
for clarity.

Could these restrictions be loosened, so that at least comment lines are just 
ignored (and not translated to 'empty' lines), and that identation might be 
less of a problem ?

Another feature that could make ACL's more simple to maintain, would be the 
define of some constants at the top of the ACL file. It would be really handy 
to, for example, specify:

PEOPLETREE: ou=people,dc=example,dc=com
ADMIN: cn=admin,$PEOPLETREE$

at the top of the file and later use it like this:

access to $PEOPLETREE$
	by $MANAGER$ write
	by users read
	by anonymous auth
	by * none

What do you think ?

_Ace


-- 
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl