Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-3426

Support limited global access control enforcement for proxied data

    XMLWordPrintable

Details

    Description

      This requirement is part for the MVP definition for 4.0.0.

      • the proxy code is 100% SDK API, yet the access control handler uses server API so we'll need to use the various adapters. This could be tricky depending on how much "server" API the ACI handler depends on, e.g. DirectoryServer.getEntry(), ClientConnection, etc
      • what support should be provided? We cannot do fine grained access control for write operations because we don't have access to the targeted entry's content. Similarly, we cannot easily do fine grained access control for searches, because not all attributes will be included in the entries returned by the remote server. We may be able to support most user/group primitives, especially if the backend server supports post-read for bind requests which could return the user's entry and group DNs.

      Attachments

        Activity

          People

            matthew Matthew Swift
            matthew Matthew Swift
            Matthew Swift Matthew Swift
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: