Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Piotr Wadas
Regarding "broken ACI concept" - does any RFC say anything about the concept of dynamically assigned privileges to LDAP directory entries? Or does it recommend avoiding such policies? Regards, Piotr

Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Pierangelo Masarati
Piotr Wadas wrote: Regarding "broken ACI concept" - does any RFC say anything about the concept of dynamically assigned privileges to LDAP directory entries? Or does it recommend avoiding such policies? AFAIK, nothing made it into an RFC; what OpenLDAP's ACIs are (loosely) based on is . Ot

Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Ralf Haferkamp
On Wednesday 14 February 2007 12:10, Piotr Wadas wrote: > Regarding "broken ACI concept" - does any RFC > say anything about the concept of dynamically assigned privileges > to LDAP directory entries? Or does it recommend avoiding > such policies? To my knowledge there is no RFC on this topic. The

Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Piotr Wadas
> > IMHO, the most appealing feature of ACIs is the fact that in principle access > rules get replicated along with data. However, the lack of a standard defeats > this purpose when getting to cross-implementation replication, migration and > so. Moreover, one might want to have different access

Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Pierangelo Masarati
Piotr Wadas wrote: That's ok, I just started using cn=config lately and I'm not familiar with it, however, isn't there another side of the penny - one can modify config information without restarting, but modified information is not stored/saved between restarts? ACI is somehow "static", although it'

Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Howard Chu
Pierangelo Masarati wrote: Piotr Wadas wrote: That's ok, I just started using cn=config lately and I'm not familiar with it, however, isn't there another side of the penny - one can modify config information without restarting, but modified information is not stored/saved between restarts? ACI is so

Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Pierangelo Masarati
Howard Chu wrote: Pierangelo Masarati wrote: Piotr Wadas wrote: That's ok, I just started using cn=config lately and I'm not familiar with it, however, isn't there another side of the penny - one can modify config information without restarting, but modified information is not stored/saved between r

Re: ACIs and OL 2.3, rfc ?

2007-02-14 Thread Turbo Fredriksson
Quoting Pierangelo Masarati <[EMAIL PROTECTED]>: > Finally, right now access control on OpenLDAP's slapd can be > modified without the need to stop and restart it, by means of > cn=config; Sounds cool. I'll have a look at it. But I gather that is just ACLs in the database? And the very concept

Re: ACIs and OL 2.3, rfc ?

2007-02-15 Thread Michael Ströder
Pierangelo Masarati wrote: > > IMHO, the most appealing feature of ACIs is the fact that in principle > access rules get replicated along with data. The most appealing feature to me would be that a client could in advance determine what access control is in effect and modify the input forms accor

Re: ACIs and OL 2.3, rfc ?

2007-02-15 Thread Rich Megginson
Michael Ströder wrote: Pierangelo Masarati wrote: IMHO, the most appealing feature of ACIs is the fact that in principle access rules get replicated along with data. The most appealing feature to me would be that a client could in advance determine what access control is in effect and

Re: ACIs and OL 2.3, rfc ?

2007-02-15 Thread Howard Chu
Rich Megginson wrote: Michael Ströder wrote: Pierangelo Masarati wrote: IMHO, the most appealing feature of ACIs is the fact that in principle access rules get replicated along with data. The most appealing feature to me would be that a client could in advance determine what access con

Re: ACIs and OL 2.3, rfc ?

2007-02-15 Thread Pierangelo Masarati
Howard Chu wrote: > Rich Megginson wrote: >> Michael Ströder wrote: >>> Pierangelo Masarati wrote: >>> IMHO, the most appealing feature of ACIs is the fact that in principle access rules get replicated along with data. >>> >>> The most appealing feature to me would be that a c