directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ersin Er" <ersin...@gmail.com>
Subject Re: Unable to make ACI to work
Date Mon, 16 Jun 2008 19:02:23 GMT
By the way, are you aware of the excellent Apache Directory Studio??

Please see http://directory.apache.org/studio/

It also has nice ACI editing support via GUI.

Ersin Er
http://www.ersin-er.name

On Mon, Jun 16, 2008 at 22:00, Ersin Er <ersin.er@gmail.com> wrote:

> Hi,
>
> On Mon, Jun 16, 2008 at 21:10, Andreas Kyrmegalos <andreask1@vivodinet.gr>
> wrote:
>
>> Hello once more,
>>
>>  I was inserting/removing whitespaces myself and finally got it working.
>> Thanks for pointing it out anyway Ersin. Has there been any improvement on
>> this area in version 1.5? Or perhaps something planned for version 2.0?
>
>
> I think we have improved whitespace handling in 1.5. And I suggest you use
> 1.5 as 1.0 is considered to be quite old.
>
>
>> It can be very frustrating trying to figure out where whitespaces are
>> needed, and the ACI system is an essential part of a directory service. I'm
>> thinking out loud here, but wouldn't it be more practical and less error
>> prone to setup aci settings using an extended
>> javax.naming.directory.Attribute class? A prescriptiveACI entry would look
>> something like this:
>>
>> Attribute prescriptiveACI = new BasicAttribute();
>> Attribute prescriptiveACIentry1 = new prescriptiveACIAttribute();
>> prescriptiveACIentry1.setID("anID");
>> prescriptiveACIentry1.setPrecedence(11);
>> prescriptiveACIentry1.setUserFirst(true);
>> prescriptiveACIentry1.setUserClasses(new
>> userClass("uid=xxxx,ou=xxxxx,o=xxx"));
>>                         OR
>> prescriptiveACIentry1.setUserClasses(userClasses);//userClasses is a
>> collection
>> Collection<Tuples> tuples = new ArrayList<Tuples>();
>> Collection<ProtectedItems> pi = new ArrayList<ProtectedItems>();
>> pi.add(new ProtectedItem(PROTECTEDITEMS.entry);
>> pi.add(new ProtectedItem(PROTECTEDITEMS.allUserAttributesTypesAndValues.);
>> Collection<GrantsAndDenials> gad = new ArrayList<GrantsAndDenials>();
>> gad.add(GRANTSANDDENIALS.grantAdd);
>> gad.add(GRANTSANDDENIALS.grantRemove);
>> tuples.add(new Tuples(pi,gad));
>> prescriptiveACIentry1.setTuples(tuples);
>> prescriptiveACI.add(prescriptiveACIentry1);
>>
>> This way looks a lot more clean, a lot more Java is a lot less error prone
>> and doesn't deviate from the essence of the X.501 spec. Thoughts anyone?
>
>
> Well infact we have such an API but it's internal to the server. We may
> consider having an external one. Thanks for this suggestion.
>
>
> Glad it worked for you.
>
> Greetings,
>
>
>>
>> Regards,
>> Andreas
>
>
> --
> Ersin
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message