directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er" <ersin...@gmail.com>
Subject Re: Unable to make ACI to work
Date Mon, 16 Jun 2008 19:00:22 GMT
Hi,

On Mon, Jun 16, 2008 at 21:10, Andreas Kyrmegalos <andreask1@vivodinet.gr>
wrote:

> Hello once more,
>
>  I was inserting/removing whitespaces myself and finally got it working.
> Thanks for pointing it out anyway Ersin. Has there been any improvement on
> this area in version 1.5? Or perhaps something planned for version 2.0?


I think we have improved whitespace handling in 1.5. And I suggest you use
1.5 as 1.0 is considered to be quite old.


> It can be very frustrating trying to figure out where whitespaces are
> needed, and the ACI system is an essential part of a directory service. I'm
> thinking out loud here, but wouldn't it be more practical and less error
> prone to setup aci settings using an extended
> javax.naming.directory.Attribute class? A prescriptiveACI entry would look
> something like this:
>
> Attribute prescriptiveACI = new BasicAttribute();
> Attribute prescriptiveACIentry1 = new prescriptiveACIAttribute();
> prescriptiveACIentry1.setID("anID");
> prescriptiveACIentry1.setPrecedence(11);
> prescriptiveACIentry1.setUserFirst(true);
> prescriptiveACIentry1.setUserClasses(new
> userClass("uid=xxxx,ou=xxxxx,o=xxx"));
>                         OR
> prescriptiveACIentry1.setUserClasses(userClasses);//userClasses is a
> collection
> Collection<Tuples> tuples = new ArrayList<Tuples>();
> Collection<ProtectedItems> pi = new ArrayList<ProtectedItems>();
> pi.add(new ProtectedItem(PROTECTEDITEMS.entry);
> pi.add(new ProtectedItem(PROTECTEDITEMS.allUserAttributesTypesAndValues.);
> Collection<GrantsAndDenials> gad = new ArrayList<GrantsAndDenials>();
> gad.add(GRANTSANDDENIALS.grantAdd);
> gad.add(GRANTSANDDENIALS.grantRemove);
> tuples.add(new Tuples(pi,gad));
> prescriptiveACIentry1.setTuples(tuples);
> prescriptiveACI.add(prescriptiveACIentry1);
>
> This way looks a lot more clean, a lot more Java is a lot less error prone
> and doesn't deviate from the essence of the X.501 spec. Thoughts anyone?


Well infact we have such an API but it's internal to the server. We may
consider having an external one. Thanks for this suggestion.


Glad it worked for you.

Greetings,


>
> Regards,
> Andreas


-- 
Ersin

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message