[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Questions on ACL
Hi,
I am currently in the planification phase a large-scale installation of
OpenLDAP for a client. The installation will be used as address book
and authentification repository for various system with 12 000 users at
first (expected to grow near 100 000 in the future).
I have of the most of the issue sorted out (backup, replication, schema,
etc) but I still have a few interrogations concerning ACLs.
First, can the ACL directives be stored outside of slapd.conf ? For
obvious reasons, access to this file have to be pretty much restricted.
If not, that would forbid deleguation of ACL management.
Second, is there a way to have changes in ACLs directive applied without
restarting the service ?
Third, is there a performance penalities for having a lot of ACL
directives ? As a side question, how are ACL processed ? Are they
applied before the search or on the results set ?
Thanks for your insight. Pointer to doc explaining these issue are
welcome. So far, my search for answers to these questions have been
fruitless.
--
Etienne Goyer Linux Québec Technologies Inc.
http://www.LinuxQuebec.com etienne.goyer@linuxquebec.com
PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key
Fingerprint: F569 0394 098A FC70 B572 5D20 3129 3D86 8FD5 C853