directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er" <ersin...@cs.hacettepe.edu.tr>
Subject Re: Discussion on porting X.500 ACIItem to LDAP
Date Thu, 15 Sep 2005 07:43:03 GMT

> { identificationTag \"id1\" , precedence 114, authenticationLevel
> basicLevels:{ level none, localQualifier 23, signed FALSE },
> itemOrUserFirst itemFirst:{ protectedItems{ entry, attributeType
> { 1.2.3, ou }, attributeValue { ou=people, cn=Ersin }, rangeOfValues
> (cn=ErsinEr) }, itemPermissions { { userClasses {allUsers, userGroup
> { \"1.2=y,z=t\", \"a=b,c=d\" }, subtree { { base \"ou=people\" } } },
> grantsAndDenials { denyCompare, grantModify } } } }}
>
> takes 391 bytes (and only because we only have ASCII chars !). This is
> huge ! 90% of all those bytes are identifier (the T part of TLVs).

This is one that is almost the shortest to write :-) Identifiers should be
there to obey GSER RFCs. This is really a big spec when you think that a
Set of SubtreeSpecifications is only a small part of the grammar..

I can change the grantsAndDenials to recognize a string of certain number
of 0's and 1's something like '10101010'B. However Trustin will have to
write a lot of bitwise code to handle this component in his ACDF. If we
choose this way we must exactly determine which fields are necessary for
ldap while it's not a flexible structure.

-- Ersin


Mime
View raw message