#49037 ACI on Bind Operation
Closed: wontfix a year ago by spichugi. Opened 5 years ago by msarmadi.

I think having ACI on bind operation is very useful. Especially when it has policy like mature features. For example think of ACI's(or other type of rules) which determine and restrict user authentication based on Client IP, UserDN, Time, comparing an arbitrary user attribute with a value, Role or Group Membership, or other possible constraints.

These ACL decisions should came before accepting connection, successful authentication or - after authentication and right before any read/write/search/compare/... like operations.

This proposal came after some enterprise project we were involved and the requirements that 389ds did not have which could improve usability, functionality and security.

I've posted some scenarios in https://fedorahosted.org/389/ticket/49036 which could help understand the nature of the problem.

Metadata Update from @msarmadi:
- Issue set to the milestone: FUTURE

4 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to None
- Issue close_status updated to: None
- Issue tagged with: RFE

2 years ago

Metadata Update from @mreynolds:
- Issue tagged with: Access Control

2 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/2096

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.