[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-bugs
Subject:    (ITS#4806) allow internal operations to require more specific access
From:       ando () sys-net ! it
Date:       2007-01-16 21:12:12
Message-ID: 200701162112.l0GLCCML040922 () boole ! openldap ! org
[Download RAW message or body]

Full_Name: Pierangelo Masarati
Version: HEAD,re23
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


Occasionally, internal operations, and significantly searches, are performed for
some given purpose which would require different access privileges than, for
example in case of searches, "search" on the filter and "read" on the data.  In
those cases, it may be useful to allow issuers of internal operations to change
the access privilege that's requested.

This feature (is implemented to address an issue with slapo-dynlist(5) which
uses an internal search to collect data for compare, and thus checks "search"
access on the filter of the memberURL and "read" on the datum to be compared.

See <http://www.openldap.org/lists/openldap-devel/200701/msg00056.html> for
discussion.


[prev in list] [next in list] [prev in thread] [next in thread]