directory-dev mailing list archives

From Trustin Lee <trus...@gmail.com>
Subject Re: [ApacheDS] another question while implementing ACDFEngine
Date Sat, 24 Sep 2005 00:12:43 GMT
2005/9/24, Alex Karasulu <aok123@bellsouth.net>:
>
> > Now I see that we can get apDN easily in case of prescriptiveACI
> > because it is an attribute of subentry. But what about entryACI? How
> > can I find an appropriate administrative point?
>
> Question is does this evaluation apply? Do you need an AP at all to
> evaluate for an entryACI?


There is a userClass called 'subtree'. It specifies users that belong to the
specified subtree. The problem is that the 'subtree' userClass specifies only
subtreeSpecifications. How can I evaluate them to see whether the current user
DN belongs to the subtree or not without knowing the apDN?

So... I thought we might have to assume that there's only one administrative
point for users, 'ou=users, ou=system'. But I'm not sure this is the right
choice.

Trustin
--
what we call human nature is actually human habit
--
http://gleamynode.net/
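
The dependency on apDN raised in the message above, as an added example that is not part of the original message and is not ApacheDS code: in X.501 the `base` of a subtreeSpecification is a name relative to the administrative point, so the same specification selects different entries under different APs. The class and method names are hypothetical, the DNs are constructed, and only `base`, `minimum` and `maximum` are handled.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration, not ApacheDS code. Handles only base, minimum and maximum
// of an X.501 subtreeSpecification; chopBefore/chopAfter and filters are omitted.
public class SubtreeMembership {

    // maximum < 0 means "no maximum". relativeBase may be "" (the AP itself).
    static boolean inSubtree(String apDn, String relativeBase,
                             int minimum, int maximum, String userDn)
            throws InvalidNameException {
        // The spec's base is a local name: resolve it against the AP.
        LdapName base = new LdapName(apDn);
        base.addAll(new LdapName(relativeBase)); // appends as the leftmost RDNs

        LdapName user = new LdapName(userDn);
        // LdapName indexes RDNs right to left, so startsWith() is an ancestor check.
        if (!user.startsWith(base)) {
            return false;
        }
        int depth = user.size() - base.size(); // levels below the base entry
        return depth >= minimum && (maximum < 0 || depth <= maximum);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values.
        String userDn = "uid=trustin,ou=admins,ou=users,ou=system";
        String specBase = "ou=admins";

        // Same user, same subtreeSpecification, two candidate administrative points.
        for (String apDn : new String[] {"ou=users,ou=system", "ou=system"}) {
            boolean member = inSubtree(apDn, specBase, 1, -1, userDn);
            System.out.println("apDN=" + apDn + " -> member=" + member);
        }
    }
}
```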
