directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: [ApacheDS] Another failed draft on access control
Date Sun, 18 Sep 2005 15:47:19 GMT
Marc Boorshtein wrote:

> Just as an FYI, this is the model that Octet String's ACLs are based 
> on (I think there are a few additions) and it's worked quite well for 
> them.

Yes I figured this re: the implementation of [0].  Actually I was 
looking at the version of Octet String (OS) embedded within the BEA 
Weblogic server and discovered that this specification was implemented.

According to [0] though it looks as though a subentry is used but it's 
not a full subentry in the sense that it does not leverage a subtree 
specification as defined in [1].  Instead this draft presumes two kinds 
of ACI's: entryACI and subtreeACI.  Makes sense though since this draft 
expired before [1] was ever proposed as a draft.  The subtreeACI has a 
DN similar to the base of a subtree specification.  It represents the 
subtree below that DN as far as I can gather.  There is no chop 
component as I can see after a breif look.

Does the Octet String server implement subentries as defined in [1] for 
this purpose?  Or does the server strictly follow this draft: [0]?


View raw message