839c46c Ticket 208 - [RFE] Roles with explicit scoping in RHDS

Authored and Committed by tbordaz 10 years ago
    Ticket 208 - [RFE] Roles with explicit scoping in RHDS
    
    Bug Description:
    	A limitation of the application using the role mechanism is that the scope of a role
    	is the subtree where the role is defined.
    	That means the role definitions are often mixed with the entries they are dealing with.
    	Usually configuration info are seperated from the data. This RFE aims to separate the
    	role definitions from the DIT subtree where are stored the entries
    
    Fix Description:
    	This RFE introduces a new configuration attribute 'nsRoleScopeDN' in the role definition.
    	This attribute specifies the subtree where the role apply.
    	See http://directory.fedoraproject.org/wiki/Creation_of_an_explicit_scoping_for_the_roles_%28ticket_208%29
    
    https://fedorahosted.org/389/ticket/208
    
    Reviewed by: Noriko Hosoi (thanks Noriko !)
    
    Platforms tested: Fedora 17
    
    Flag Day: no
    
    Doc impact: yes
    
    	A role definition (entry with Objectclass=nsRoleDefinition), may contain an optional single valued attribute
    	'nsRoleScopeDN'.
    	In that case, the role does not apply to the subtree where it is defined but to the subtree referred by 'nsRoleScopeDN'.
    	'nsRoleScopeDN' is a DN syntax attribute. To be taken into account, its value must be a subtree under the suffix
    	where the role is defined.
    	If not present or with invalid value, the role will apply to the subtree where it is defined.
    
        
file modified
+2 -1