[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "dynamic" acls





--On Thursday, January 22, 2004 10:05 AM +0100 Turbo Fredriksson <turbo@bayour.com> wrote:

"Quanah" == Quanah Gibson-Mount <quanah@stanford.edu> writes:

>> is it possible to apply new acl rules without restarting slapd? >> >> like disallowing some users acces to a certain branch of the >> ldap tree...

    Quanah> That is not possible at this time with ACL's.

What you CAN do though (even though it's experimental, but works
fine for me) is to use ACI's
(http://www.openldap.org/faq/index.cgi?file=758).

ACI's work for some environments, but they definitely won't work for mine, where ACL's are all entirely tree based, not entry based. Maybe they will work for the person who wants that functionality though.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html