[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "dynamic" acls

To: Turbo Fredriksson <turbo@bayour.com>, openldap-software@OpenLDAP.org
Subject: Re: "dynamic" acls
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Thu, 22 Jan 2004 01:57:48 -0800
Content-disposition: inline
In-reply-to: <878yk0ic9i.fsf@papadoc.bayour.com>
References: <20040121203348.373e97ac@earth.bx> <597790557.1074686794@cadabra.stanford.edu> <878yk0ic9i.fsf@papadoc.bayour.com>

--On Thursday, January 22, 2004 10:05 AM +0100 Turbo Fredriksson <turbo@bayour.com> wrote:

"Quanah" == Quanah Gibson-Mount <quanah@stanford.edu> writes:


    >> is it possible to apply new acl rules without restarting slapd?
    >>
    >> like disallowing some users acces to a certain branch of the
    >> ldap tree...

    Quanah> That is not possible at this time with ACL's.

What you CAN do though (even though it's experimental, but works
fine for me) is to use ACI's
(http://www.openldap.org/faq/index.cgi?file=758).

ACI's work for some environments, but they definitely won't work for mine, where ACL's are all entirely tree based, not entry based. Maybe they will work for the person who wants that functionality though.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: "dynamic" acls
  - From: Turbo Fredriksson <turbo@bayour.com>

References:
- "dynamic" acls
  - From: Alexander Blüm <mailinglists1@gmx.de>
- Re: "dynamic" acls
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: "dynamic" acls
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: RE: Compilation of OpenLDAP ver. 2.2.4
Next by Date: RE: Compilation of OpenLDAP ver. 2.2.4
Index(es):
- Chronological
- Thread