[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access Control List question for Open LDAP

To: "Mangold, Chris" <Chris_Mangold@inter-tel.com>
Subject: Re: Access Control List question for Open LDAP
From: Adam Williams <awilliam@whitemice.org>
Date: 24 Oct 2002 20:54:07 -0400
Cc: "OpenLDAP.org" <openldap-software@OpenLDAP.org>
In-reply-to: <2A477ACFCB59F546A105018592D1C6830689E1@TMS-NT-EVS01.inter-tel.com>
References: <2A477ACFCB59F546A105018592D1C6830689E1@TMS-NT-EVS01.inter-tel.com>

>I am working a on directory hierarchy that will make heavy use of 
>organizational person object types in the directory tree. Under each
>organizational person entity there can be additional organizational
>units and/or other objects added. What I was interested in doing was
>modifying the Access Control List each time a new organizational person
>is added so that entity has the rights to add/modify/read any
>subordinate objects. 

This is a pretty common configuration and can be accomplished using
regular expression in the rules (granting access to subordinate
objects).

>Question is: Can the Access Control List be modified dynamically or is
>my only option to manually add the CAL directives and restart the LDAP
>server.

No the ACL stack cannot be modified dynamically.

Follow-Ups:
- Re: Access Control List question for Open LDAP
  - From: Daniel Lorch <ml-daniel@lorch.cc>

References:
- Access Control List question for Open LDAP
  - From: "Mangold, Chris" <Chris_Mangold@inter-tel.com>

Prev by Date: RE: Multimaster further work
Next by Date: RE: compare uidNumber in LDAP
Index(es):
- Chronological
- Thread