Hi all,

being able to restrict extensions has been a long-standing enhancement request. We now have a proposal[0] for how the access control language could be extended to support this. If you ever had a need to restrict extops/controls to certain users/parts of their directory, this feature is for you:

I would be grateful if you could think about your needs and see how you might be able to fulfill them with the new features. Any feedback on how well it does (not) feel like a good fit, showing use cases it doesn't seem to be able to cover or general usability suggestions, all of the above would be of great help.

After an initial round of feedback, we'd like to see if this work (or a version of it) can become part of 2.7 as an experimental ACL syntax much like set ACLs are now. It would then be subject to stabilisation as we get more confident that the syntax is good enough for people.

[0]. https://git.openldap.org/openldap/openldap/-/merge_requests/720

Thanks,

--
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP