[Date Prev][Date Next] [Chronological] [Thread] [Top]

Tree/ACLs design



I have user accounts with about 50 attributes (personal data, mail
attribs, services attribs,..). Now I would have to create ACLs for:
- read user data
- read attrs for qmail
- modify user (only) data
- create accounts
...

I must write ACLs with about 20 attrs ! Is it slow down ldap server ?
For example, set of user data attribs have about 20 attrs (cn, sn, l,
birthyear,.....), mail attrs too..

Or maybe I must change tree.. Move user data to another subtree ?
But it is problem with modify rights - I cannot use "self modify"
when I have data in two location (for example: givenname and
mailForwarding Address; or user password - where put this ?).

Pleas help with this.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Sylwester Lunski                        Szanse jedna na milion spelniaja
 Email: dookie@mat.uni.torun.pl          sie w dziewieciu przypadkach na
                                         dziesiec    B.E.Weatherwax
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-