[Kolab-devel] setting allowcrossdomainacls yes

[Gavin McCullagh]

Hi,

On Wed, 01 Sep 2010, Jeroen van Meeuwen (Kolab Systems) wrote:

> Gavin McCullagh wrote:
> > 
> > On Fri, 27 Aug 2010, Jeroen van Meeuwen (Kolab Systems) wrote:
> > > But the patch / feature implementation may most definitely not allow the 
> > > following to happen:
> > > 
> > > ceo at novell.com versus lawyer at sco.com
> > 
> > Oh dear.  That's pretty much what we have.  Is that much harder to deal
> > with?
> 
> No, it's the same functionality. These are both on the other side of the court 
> room regularly, hence I took these two companies as an example to emphasize my 
> point. However, "novell.com" vs. "sco.com" is actually besides the point.

I now better understand your choice of examples, thanks for spelling it out :-)

As you say, DAC alone within our multi-domain organisation would not be a
problem (it's what we want), but I can see the need for MAC where it comes
to a general hosting provider.

> Don't worry, it's not; You have a completely normal use-case scenario here. 
> It's merely a tiny little bit different from what I had mentioned as examples; 
> the point was that foo.domain.tld could be matched to bar.domain.tld by the 
> existence of common denominator "domain.tld"; they are in the same upper-level 
> domain name space. The other example listed a company that has company.tld1 
> for one country it operates in and company.tld2 for another country. Your 
> situation is much the same to the latter example.

So, as I understand it, what you've implemented is strictly DAC for now and
the feature is turned off by default (the simplest form of MAC).

Given that DAC alone suits me and our v2.2.4 server is in production now
with all three domains active, am I in a position to turn
cross domain acls on or do we need to take extra technical steps to do so?

Is the feature in use elsewhere in production?

Gavin