Re: (ITS#6198) Authorization for extensions

7 Jul 2009


      hyc@OpenLDAP.org wrote:
...
Full_Name: Howard Chu
Version: HEAD/2.5
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (76.91.220.157)
Submitted by: hyc
The access control mechanism needs to be extended to control actions, not just
objects, to control who may use various LDAP Controls and Extended Operations.
+1
...
E.g.
  access to control=<oid> by <who>
  access to op=<operation or oid> by <who>
^^^^^^^^^
What is "operation" supposed to be? I'd prefer only to allow "oid" since
OIDs are the only identifiers clearly specified in RFCs and I-Ds.
Ciao, Michael.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: (ITS#6198) Authorization for extensions