Andreas Schuldei wrote:
On Sat, Mar 05, 2005 at 02:12:37PM -0800, Howard Chu wrote:"experimental" means they were written freely picking from an internet draft which later expired without resulting into an RFC, so they're not based on any standard track.
Andreas Schuldei wrote:
There are no user-visible changes to ACI support planned. The change I was referring to is to allow dynamic (runtime) changes to regular ACLs. (At that point, I imagine the need for ACIs will vanish, but that's a different matter.)i use the debian packages, which dont have ACIs compiled in (since they are experimental and about to change soon, i hear).
so does that mean that they will no longer be marked experimental?
that would certainly convince the debian packageI see no reason not to build them, because they cannot be used unless explicitly allowed in slapd.conf, so there shouldn't be any security threat. I know of people that are using them routinely and are (almost) happy with them. I've played with them a bit (but not in production). In 2.3 they changed quite a bit in a manner that should be totally transparent to users: there are selected new features, but the nice part is that they moved into a run-time loadable framework that allows user-defined access rules to be plugged in slapd.
maintainers to activate this feature.
or did you imply that ACIs will be removed because they will beUnless they become incompatible with something else, they will not likely be removed.
obsolete?
how could ACLs solve my access problems i described? If i couldYou'll need to wait for back-config to stabilize and get into a release. Could make it into 2.3, but not quite soon, as far as I can tell. It will, at some point.
do with ACLs that would be preferable.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497