Hi,
I am currently in the planification phase a large-scale installation of
OpenLDAP for a client. The installation will be used as address book
and authentification repository for various system with 12 000 users at
first (expected to grow near 100 000 in the future).
I have of the most of the issue sorted out (backup, replication, schema,
etc) but I still have a few interrogations concerning ACLs.
First, can the ACL directives be stored outside of slapd.conf ? For
obvious reasons, access to this file have to be pretty much restricted.
If not, that would forbid deleguation of ACL management.
Second, is there a way to have changes in ACLs directive applied without
restarting the service ?
Third, is there a performance penalities for having a lot of ACL
directives ? As a side question, how are ACL processed ? Are they
applied before the search or on the results set ?
Thanks for your insight. Pointer to doc explaining these issue are
welcome. So far, my search for answers to these questions have been
fruitless.