directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@apache.org>
Subject Re: Unable to make ACI to work
Date Mon, 16 Jun 2008 19:55:33 GMT
Andreas Kyrmegalos wrote:
> Hello once more,
Hi !
>
>  I was inserting/removing whitespaces myself and finally got it 
> working. Thanks for pointing it out anyway Ersin. Has there been any 
> improvement on this area in version 1.5? Or perhaps something planned 
> for version 2.0?
Most certainly. We are currently relaxing some other parsers 
(AttributeType, ObjectClasses, filters) from such constraints. The next 
one will be the ACI parser, but it's the most complex ...
> It can be very frustrating trying to figure out where whitespaces are 
> needed, and the ACI system is an essential part of a directory service.
Yeah, we are aware of that... If only the problem with ACI were on the 
parser... We have so many improvement to inject in this area !

> I'm thinking out loud here, but wouldn't it be more practical and less 
> error prone to setup aci settings using an extended 
> javax.naming.directory.Attribute class? A prescriptiveACI entry would 
> look something like this:
>
> Attribute prescriptiveACI = new BasicAttribute();
> Attribute prescriptiveACIentry1 = new prescriptiveACIAttribute();
> prescriptiveACIentry1.setID("anID");
> prescriptiveACIentry1.setPrecedence(11);
> prescriptiveACIentry1.setUserFirst(true);
> prescriptiveACIentry1.setUserClasses(new 
> userClass("uid=xxxx,ou=xxxxx,o=xxx"));
>                          OR
> prescriptiveACIentry1.setUserClasses(userClasses);//userClasses is a 
> collection
> Collection<Tuples> tuples = new ArrayList<Tuples>();
> Collection<ProtectedItems> pi = new ArrayList<ProtectedItems>();
> pi.add(new ProtectedItem(PROTECTEDITEMS.entry);
> pi.add(new 
> ProtectedItem(PROTECTEDITEMS.allUserAttributesTypesAndValues.);
> Collection<GrantsAndDenials> gad = new ArrayList<GrantsAndDenials>();
> gad.add(GRANTSANDDENIALS.grantAdd);
> gad.add(GRANTSANDDENIALS.grantRemove);
> tuples.add(new Tuples(pi,gad));
> prescriptiveACIentry1.setTuples(tuples);
> prescriptiveACI.add(prescriptiveACIentry1);

That's an idea, and we may exhibit the inner API we have, but it may 
also be a way to let the users shoot them in the foot.

For advanced users, sure, that is a must have. We just have ways to 
check that the structure is correctly filled.
>
> This way looks a lot more clean, a lot more Java is a lot less error 
> prone and doesn't deviate from the essence of the X.501 spec. Thoughts 
> anyone?
Well, if you feel like bringing some of your ideas to life, we will be 
very please to welcome them !

Thanks !

-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org



Mime
View raw message