
Questions on ACL



Hi,

I am currently in the planning phase of a large-scale installation of
OpenLDAP for a client.  The installation will be used as an address book
and authentication repository for various systems with 12 000 users at
first (expected to grow near 100 000 in the future).

I have most of the issues sorted out (backup, replication, schema,
etc.) but I still have a few interrogations concerning ACLs.

First, can the ACL directives be stored outside of slapd.conf?  For
obvious reasons, access to this file has to be pretty much restricted.
If not, that would forbid delegation of ACL management.

Second, is there a way to have changes in ACL directives applied without
restarting the service?

Third, is there a performance penalty for having a lot of ACL
directives?  As a side question, how are ACLs processed?  Are they
applied before the search or on the result set?

Thanks for your insight.  Pointers to docs explaining these issues are
welcome.  So far, my search for answers to these questions has been
fruitless.
  

-- 
Etienne Goyer                    Linux Québec Technologies Inc.
http://www.LinuxQuebec.com       etienne.goyer@linuxquebec.com
PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key 
Fingerprint: F569 0394 098A FC70 B572  5D20 3129 3D86 8FD5 C853