[Date Prev][Date Next] [Chronological] [Thread] [Top]

Tree/ACLs design

To: openldap-software@OpenLDAP.org
Subject: Tree/ACLs design
From: Sylwester Lunski <dookie@mat.uni.torun.pl>
Date: Mon, 21 May 2001 20:52:06 +0200 (MET DST)
In-reply-to: <20010521134105.F24502@redhat.com>

I have user accounts with about 50 attributes (personal data, mail
attribs, services attribs,..). Now I would have to create ACLs for:
- read user data
- read attrs for qmail
- modify user (only) data
- create accounts
...

I must write ACLs with about 20 attrs ! Is it slow down ldap server ?
For example, set of user data attribs have about 20 attrs (cn, sn, l,
birthyear,.....), mail attrs too..

Or maybe I must change tree.. Move user data to another subtree ?
But it is problem with modify rights - I cannot use "self modify"
when I have data in two location (for example: givenname and
mailForwarding Address; or user password - where put this ?).

Pleas help with this.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Sylwester Lunski                        Szanse jedna na milion spelniaja
 Email: dookie@mat.uni.torun.pl          sie w dziewieciu przypadkach na
                                         dziesiec    B.E.Weatherwax
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

References:
- Re: autofs and OpenLDAP integration
  - From: Nalin Dahyabhai <nalin@redhat.com>

Prev by Date: Re: PAM, RADIUS, and ldap
Next by Date: Re: ldif files
Index(es):
- Chronological
- Thread