Hello,
Thanks to all your feedbacks, they helped me a lot and raised a severe limitation in the original design. I updated the design following the aci syntax proposed during the discussion. On the implementation side, it is a bit more complex but less than I expected. I have not yet investigated the impact of ger operations.
I think a big work will be the test side as the ACI syntax provides many options.
http://port389.org/wiki/Access_control_on_trees_specified_in_MODDN_operation
Note: I kept for the moment the original design in 'alternative no1'.
regards thierry
389-devel@lists.fedoraproject.org