[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "dynamic" acls

To: John Ziniti <jziniti@speakeasy.org>
Subject: Re: "dynamic" acls
From: Alexander Blüm <mailinglists1@gmx.de>
Date: Wed, 21 Jan 2004 23:43:49 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <400EF3FD.40103@speakeasy.org>
References: <20040121203348.373e97ac@earth.bx> <597790557.1074686794@cadabra.stanford.edu> <400EF3FD.40103@speakeasy.org>

thank you.


would you have to use the groupOfNames?

could you show an example?

if not - then thank you anyway for directing on the "right path".


On Wed, 21 Jan 2004 16:49:49 -0500
John Ziniti <jziniti@speakeasy.org> wrote:

> Quanah Gibson-Mount wrote:
> > --On Wednesday, January 21, 2004 8:33 PM +0100 Alexander Blüm 
> > <mailinglists1@gmx.de> wrote:
> >> is it possible to apply new acl rules without restarting slapd?
> >>
> >> like disallowing some users acces to a certain branch of the ldap
> >> tree...
> > 
> > That is not possible at this time with ACL's.
> 
> One thing you can do, however, is set up an ACL which applies the
> rule you would like to a certain *group* in the LDAP tree, and then
> add users to that group.  Not quite as dynamic as you might like,
> but you can use it to achieve the desired effect under certain
> circumstances.  You have to have a good idea beforehand, however,
> of how your tree will be arranged, and what "permissions" you
> want to apply.
> 
> HTH,
> JZ
> 
> 


-- 
cheers,
  Alex

Follow-Ups:
- Re: "dynamic" acls
  - From: John Ziniti <jziniti@speakeasy.org>

References:
- "dynamic" acls
  - From: Alexander Blüm <mailinglists1@gmx.de>
- Re: "dynamic" acls
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: "dynamic" acls
  - From: John Ziniti <jziniti@speakeasy.org>

Prev by Date: Re: error with smbldap-useradd.pl
Next by Date: Can't replicate using updatedn
Index(es):
- Chronological
- Thread