2005/9/24, Alex Karasulu <[EMAIL PROTECTED]>:
There is a userClass called 'subtree'. It specifies users belong to the specified subtree. The problem is that 'subtree' userClass specifies only subtreeSpecifications. How can I evaluate them whether the current user DN belongs to the subtree or not without knowing apDN?
So... I thought we might have to assume that there's only one administrative point for users, 'ou=users, ou=system'. But I'm not sure this is a right choice.
Trustin
-- > Now I see that we can get apDN easily in case of prescriptiveACI
> because it is an attribute of subentry. But what about entryACI? How
> can I find an appropriate administrative point?
Question is does this evaluation apply? Do you need an AP at all to
evaluate for an entryACI?
There is a userClass called 'subtree'. It specifies users belong to the specified subtree. The problem is that 'subtree' userClass specifies only subtreeSpecifications. How can I evaluate them whether the current user DN belongs to the subtree or not without knowing apDN?
So... I thought we might have to assume that there's only one administrative point for users, 'ou=users, ou=system'. But I'm not sure this is a right choice.
Trustin
what we call human nature is actually human habit
--
http://gleamynode.net/
