[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access Control List question for Open LDAP



>I am working a on directory hierarchy that will make heavy use of 
>organizational person object types in the directory tree. Under each
>organizational person entity there can be additional organizational
>units and/or other objects added. What I was interested in doing was
>modifying the Access Control List each time a new organizational person
>is added so that entity has the rights to add/modify/read any
>subordinate objects. 

This is a pretty common configuration and can be accomplished using
regular expression in the rules (granting access to subordinate
objects).

>Question is: Can the Access Control List be modified dynamically or is
>my only option to manually add the CAL directives and restart the LDAP
>server.

No the ACL stack cannot be modified dynamically.