hyc@symas.com wrote:
This looks mostly like ACI to me, with some special inheritance rules. Is it still relevant?
AFAIR that was a custom ACL checking development that I found interesting from a technical point of view but (I might be wrong) of limited usefulness outside the scope it was developed for. In the meanwhile, and probably triggered by that posting, I added several ways of customizing access checking: via overlays, using dynacl (that was added earlier, for the purpose of isolating ACIs, but it could have served the same purpose). In this sense, I don't think this contribution can be of any use right now; it coulr be turned into a dynacl for custom use by the posters, or by anyone who find it useful.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------