Thank you, You are right about one problem.
However, I believe what you are proposing is not a solution to the problem I'm talking
about. Just because, in the problem I'm addressing, I can't and it is not possible
to use your method.
As I said, the applications we are using are not all of them supporting search or group
check. So for those which does not support your method, I posted this problem. Your
solution is not addressing this problem and is for the case which application supports
those things.
-
Additionally, to support my idea of ACI on Bind, I think having ACI on Bind operation just
like others(read,write,...) has many advantages. I could talk about many things like
improve security. For example think of an environment which you want to protect your
directory from unwanted access, even "bind", based on a policy, time or ip for
example.
Please mention that this mechanism is available in some other products, and also some
vendors have developed policy aware directory or a proxy which adds those to the simple
directory. (e.g. netiq edirectory or ldap proxy) I mean this need / requirement is actual
and natural.