Howard Chu wrote:
Rich Megginson wrote:
Michael Ströder wrote:
Pierangelo Masarati wrote:
IMHO, the most appealing feature of ACIs is the fact that in principle access rules get replicated along with data.
The most appealing feature to me would be that a client could in advance determine what access control is in effect and modify the input forms accordingly. But without a common standard there is no point in using in-directory ACIs.
Couldn't you use Get Effective Rights for that?
That would be close, maybe good enough for a GUI. But Get Effective Rights can't tell you about value-specific rights.
BTW, we've recently contributed that feature to OpenLDAP:
http://www.openldap.org/its/index.cgi/?findid=4730
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------