On Wednesday 14 February 2007 12:10, Piotr Wadas wrote:
Regarding "broken ACI concept" - does any RFC say something about the concept of dynamically assigned privileges to LDAP directory entries? Or does it recommend avoiding such policies?
To my knowledge there is no RFC on this topic. There are (or rather were), however, some Internet drafts that talk about LDAP Access Control Models. The current ACI implementation in OpenLDAP is AFAIK to some extent similar (but only to some extent) to what is described in draft-ietf-ldapext-acl-model-xx.txt.
Another Access Control Model is described in draft-legg-ldap-acm-bac-xx.txt, which is an adaption of the X.500 Basic Access Control and Simple Access Control scheme to LDAP.
Note, however, that both drafts expired already some time ago.