> On a slightly related note, in the context of time-relative ACLs, it would be
> worthwhile to define a behavior for time-of-day comparisons (i.e., just
> compare hours:minutes:seconds, excluding year/month/day). Companies often want
> to limit access to resources to only a set of office hours, etc. Of course to
> properly handle the "office hours" case would also require day-of-week
> matching. That may be getting to be too complicated for this particular
> submission, but it seems closely related so I mention it here.
Howard,

I was also thinking of something like that. Since we basically have a field available in the matching rule (the asserted value), I suggested adding an assertion syntax defaulting to the empty value. I was planning to turn this assertion syntax into a timestamp mask that allows filtering what fractions should be asserted.

Another possibly related issue is locale: the time of slapd is supposed to be UTC, but filtering on working hours and so on should be done taking into account timezone, daylight saving and so on. The assertion syntax could handle this in a user-friendly manner.

Probably I'd better step off and formalize things before further coding.

p.
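
The two points raised in this exchange (time-of-day plus day-of-week matching, and UTC timestamps versus local working hours) can be seen side by side in the following added example. It is not code from this thread or from slapd; the function names, the 09:00-18:00 Monday-to-Friday window and the choice of Central European Time are assumptions made for illustration, and the timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

def parse_generalized_time(value):
    """Parse the UTC form of a GeneralizedTime value: YYYYMMDDHHMMSSZ."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def last_sunday_0100_utc(year, month):
    """01:00 UTC on the last Sunday of a 31-day month (EU DST switch instant)."""
    d = datetime(year, month, 31, 1, tzinfo=timezone.utc)
    return d - timedelta(days=(d.weekday() + 1) % 7)

def cet_offset(utc_dt):
    """Offset of the assumed zone (Central European Time): +1h, +2h in summer."""
    start = last_sunday_0100_utc(utc_dt.year, 3)
    end = last_sunday_0100_utc(utc_dt.year, 10)
    return timedelta(hours=2 if start <= utc_dt < end else 1)

def in_office_hours(value, days=range(0, 5), start="09:00:00", end="18:00:00",
                    offset=cet_offset):
    """Match day-of-week and time-of-day in local time; the date is ignored."""
    utc_dt = parse_generalized_time(value)
    # Shift the UTC instant by the zone offset to obtain local wall-clock fields.
    local = utc_dt + offset(utc_dt)
    return local.weekday() in days and start <= local.strftime("%H:%M:%S") < end

def in_office_hours_utc_only(value, start="090000", end="180000"):
    """Naive mask: compare only HHMMSS of the UTC stamp, no zone, no weekday."""
    return start <= value[8:14] < end

if __name__ == "__main__":
    # Constructed timestamps: winter Monday, summer Monday, summer Saturday.
    for stamp in ("20240115083000Z", "20240115073000Z",
                  "20240715073000Z", "20240713100000Z"):
        print(stamp, in_office_hours(stamp), in_office_hours_utc_only(stamp))
```

The same 07:30 UTC instant falls outside the window in January and inside it in July, and the UTC-only mask both rejects a valid Monday morning and accepts a Saturday.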
