Please see:
http://www.openldap.org/faq/data/cache/52.html
OpenLDAP Faq-O-Matic
\_OpenLDAP Software FAQ
\_Configuration
\_SLAPD Configuration
\_Access Control
\_How do I use groups as manage access controls?
Mike.
Jeremy Kuhnash <lists@planetzed.net> 02/14/03 04:49am >>>
This is the second question in a week with basically the same content:
How can you handle directory writing on a basis other than 'self' or
matching a single user like manager? The openldap manual _even skips_
the 'regex' method of defining ACLs, but there must be a way to do it.
I too would like users to be able to store address books in LDAP for
roaming and sharing purposes ... this is huge information when being a
proponent of the use of openldap over things like Lotus Domino or Msft.
Exchange.
Thanks,
Jeremy
Etienne Goyer wrote:
Hi,
I am currently in the planning phase of a large-scale installation of
OpenLDAP for a client. The installation will be used as address book
and authentication repository for various systems with 12 000 users at
first (expected to grow near 100 000 in the future).
I have most of the issues sorted out (backup, replication, schema,
etc) but I still have a few interrogations concerning ACLs.
First, can the ACL directives be stored outside of slapd.conf? For
obvious reasons, access to this file has to be pretty much restricted.
If not, that would forbid delegation of ACL management.
Second, is there a way to have changes in ACL directives applied
without restarting the service?
Third, is there a performance penalty for having a lot of ACL
directives? As a side question, how are ACLs processed? Are they
applied before the search or on the result set?
Thanks for your insight. Pointers to docs explaining these issues are
welcome. So far, my search for answers to these questions has been
fruitless.