On Fri, 2006-11-03 at 01:46 +0100, Pierangelo Masarati wrote: > Andrew Bartlett wrote: > > Sorry, this seems a bit recursive. I'm lost. > > > In fact, it is. The point is that what you're asking for may not comply > with the ACL model of most DSA implementations, which usually is a > desirable model for a number of reasons. What you need is a > "cooperative" DSA administrator that agrees to use only a subset of the > ACL semantics so that their effect can be computed a priori, without any > knowledge of the values that are/will be stored in the attributes. > Under this assumption, implementing the feature you desire should be > straightforward. Or you simply ignore checks for value when evaluating the ACL, and declare that the attribute may be written to if there is any possible valid value. That should be enough for GUI writers to use for simple user-feedback, with a more detailed error reported to a user on the actual modify failure. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- Fedora-directory-devel mailing list Fedora-directory-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-devel
