Adding ACLs dinamically ...

[Ernesto Burtre <ejbsys@altavista.com>]

Is there any possibility to dinamically define ACLs ? 
I mean:  
 
- I have an LDAP directory with this structure: 
 
dn: o=mycompany, c=uy 
o: mycompany 
objectclass: organization 
 
dn: ou=ClientCompany1, o=mycompany, c=uy 
ou: ClientCompany1 
objectclass:organizationalUnit 
 
dn: uid=CCompany1Manager, ou=ClientCompany1, o=mycompany, c=Uruguay 
uid: CCompany1Manager 
userpassword: xxxx 
objectclass: person 
cn: Nestor 
sn: Onetto 
mail: nestoro@adinet.com.uy 
 
- I want to grant user CCompany1Manager in order he 
can add, delete or modify entries only in: 
ou=ClientCompany1, o=mycompany, c=uruguay 
Then, I have to write the appropiate ACL in slapd.conf. 
 
Ok, what's the question then ? Here we go: 
 
What if I have an aplicattion that can create a new ClientCompany (let's say ClientCompany2) 
with a new manager (let's say CCompany2Manger) ? 
 
I'll be needing a new ACL in order to make resticcions 
to this new user. So, How can I add this new ACL at the moment I am creating the 
Organizational Unit and the Manager user for ClientCompany 2 ? 
 
I think that: 
- appending the new ACL to the slapd.conf, 
- stopping ldapserver and starting again for "slapd" 
  to read the new configuration 
 
is not an acceptable solution. That's why I asked: 
 
"Is there any possibility to dinamically define ACLs ?" 
 
at the very begining. 
 
I would aprecciate your answers. 
 
- Ernesto J. Burtre - 


_______________________________________________________________________

Free Unlimited Internet Access! Try it now! 
http://www.zdnet.com/downloads/altavista/index.html

_______________________________________________________________________