[Fedora-directory-devel] Attribute to determine allowed write attributes?
Andrew Bartlett
abartlet at samba.org
Fri Nov 3 01:16:44 UTC 2006
On Fri, 2006-11-03 at 01:46 +0100, Pierangelo Masarati wrote:
> Andrew Bartlett wrote:
> > Sorry, this seems a bit recursive. I'm lost.
> >
> In fact, it is. The point is that what you're asking for may not comply
> with the ACL model of most DSA implementations, which usually is a
> desirable model for a number of reasons. What you need is a
> "cooperative" DSA administrator that agrees to use only a subset of the
> ACL semantics so that their effect can be computed a priori, without any
> knowledge of the values that are/will be stored in the attributes.
> Under this assumption, implementing the feature you desire should be
> straightforward.
Or you simply ignore checks for value when evaluating the ACL, and
declare that the attribute may be written to if there is any possible
valid value.
That should be enough for GUI writers to use for simple user-feedback,
with a more detailed error reported to a user on the actual modify
failure.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20061103/364c1e96/attachment.sig>
More information about the Fedora-directory-devel
mailing list