On 4/7/2011 1:00 μμ, Howard Chu wrote:
Interleaved values such as above may never be returned by an LDAP Search operation. Whether it's desirable for a client to reorganize the data to display as such, I have no opinion.
I know, that's why I mentioned the issue, so that a solution might possibly be found at design time. In long/complex ACLs (ours is already about 1000 lines and growing - in standard format, not RTC), if comments are decoupled from the statements concerned, then they lose a most of their power;
I note that the accesslog overlay already allows you to track the history of individual changes to attributes, so recording an "Entered by <name> on <date>" comment seems both redundant and vague.
Of course; this was just an example to illustrate the use of two comments per statement.
I hope other people will provide feedback on this as well.
Nick.