
grouper-dev - possible ldappc enhancement

Subject: Grouper Developers Forum

  • From: Tom Barton
  • To: Grouper Dev
  • Subject: possible ldappc enhancement
  • Date: Mon, 19 Feb 2007 14:52:06 -0600

In the agenda for next Wed's conference call I just sent out, I mentioned discussion of a possible enhancement to the way ldappc provisions signet permission objects. Here's a little background in advance.

Ldappc v1.0 supports two representations of a signet permission. One uses the prospective eduPermission object class to represent a permission object as one or more subordinate entries to the grantee's ldap entry. The other represents each permission object as one or more strings of the form

<prefix>:<SubsystemId>:<PermissionId>:<ScopeId>:<LimitId>:<Limit>

where <prefix> is declared in the ldappc config file (e.g., "urn:mace:example.edu:permissions"), and the other substrings are properties of the permission object being provisioned.

Neither approach enables ldappc to maintain an implementation-defined attribute value for (selected) permissions. E.g., express a permission as "eduPersonEntitlement: urn:mace:dir:entitlement:common-lib-terms".

I propose to define a mapping capability in ldappc, perhaps using xsl, to determine the string representation of signet privilege objects. The default string representation would be as it is currently. There'd be a list of privilege selection criteria and associated declarations that are effectively eval'd to produce the non-default string representation of corresponding privilege objects.

At least that's my fodder for our discussion this Wed. See you there.

Tom
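
The string form and the proposed fallback-to-default mapping, sketched as an added example (not part of the message and not ldappc code). The rule table, the field values, the attribute name `examplePermissionString` and the refusal of ':' inside fields are assumptions made for illustration; the message does not define them.

```python
from dataclasses import dataclass, astuple

PREFIX = "urn:mace:example.edu:permissions"  # sample prefix quoted in the message

@dataclass(frozen=True)
class Permission:
    subsystem_id: str
    permission_id: str
    scope_id: str
    limit_id: str
    limit: str

def default_string(p, prefix=PREFIX):
    """<prefix>:<SubsystemId>:<PermissionId>:<ScopeId>:<LimitId>:<Limit>"""
    fields = astuple(p)
    # Assumption: no escaping is defined, so a ':' inside a field would shift
    # every later field for whoever consumes the value. Refuse to emit it.
    if any(":" in f for f in fields):
        raise ValueError("field contains ':'")
    return ":".join((prefix,) + fields)

def parse_default(value, prefix=PREFIX):
    # The prefix itself contains ':', so strip it as a unit instead of
    # splitting the whole value and counting fields from the left.
    head = prefix + ":"
    if not value.startswith(head):
        raise ValueError("unexpected prefix")
    parts = value[len(head):].split(":")
    if len(parts) != 5:
        raise ValueError("expected 5 fields after the prefix")
    return Permission(*parts)

# Hypothetical mapping table: selection criteria -> (attribute, fixed value).
RULES = [
    ({"subsystem_id": "library", "permission_id": "licensed-resources"},
     ("eduPersonEntitlement", "urn:mace:dir:entitlement:common-lib-terms")),
]
DEFAULT_ATTR = "examplePermissionString"  # placeholder attribute name

def provision(p, rules=RULES, prefix=PREFIX):
    """First matching rule wins; otherwise fall back to the default string."""
    for criteria, mapped in rules:
        if all(getattr(p, k) == v for k, v in criteria.items()):
            return mapped
    return (DEFAULT_ATTR, default_string(p, prefix))
```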

