Hi Team,

We are currently exploring implementation of ACLs in the LDAP layer, trying to identify what has to be done so that ACEs in objects attributes can be applied effectively.

There is a list of ACL tasks on the wiki: http://wiki.samba.org/index.php/Samb...eDirectory#ACL

Could someone please tell us if this list is up to date? Are there any additional tasks necessary that are not in this list?

We have also found the ldb kludge ACL module, but from the description I see that it covers very basic function.

/* Kludge ACL rules:


* - System can read passwords

* - Administrators can write anything

* - Users can read anything that is not a password



We would also appreciate some feedback on the patent issue. Has it been resolved? If not, do you have any design ideas for working around it, or plans for alternative implementation?

We would like to discuss ACL implementation in detail here or in IRC whenever possible.


Anatoliy Atanasov, Nadezhda Ivanova