directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Boorshtein <>
Subject Re: ACLs questions
Date Mon, 16 May 2005 13:56:33 GMT
> > 2 - What about having an "openLDAP like"
> simplified ACL mechanism ?
> >
> I don't know I have not put enough thought to this
> because there are so 
> many things standing in my way right now like
> implementing subentires so 
> we can store ACLs ;).  However going with their
> scheme might be a good 
> idea.  Can you take the time to research the
> strengths and weaknesses 
> with this approach? 

just a note.  i don't think you'd want to store an ACL
entry as a subtree on an entry.  ACL's can have scope,
so if you store it at the entry level then you'll need
to find the correct entries to determine the correct
access controls.

> Are there other options?  What are the performance
> implications?

There was a draft RFC some time ago that was written
by netscape, sun & ibm.  They never implemented it
though :-(.  The only company i know of that did
anything with the draft was OctetString.  I'll see if
I can find it and post a link.


View raw message