[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Access control
On Tue, 25 May 2004, John Borwick wrote:
> Here's a rule I wrote yesterday:
>
> access to dn.subtree="ou=Users,dc=wfu,dc=edu"
> attr=entry,wfuIsPublic,objectClass,uid
> filter=(wfuIsPublic=Y)
> by * read
What is the performance impact of this?
For legacy reasons (early implementations of openldap and Netscape DS),
Brandeis still implements this sort of thing by leaving private attributes
*blank* and defining "brFerpaMail" etc. attributes that particular
applications need to look for specifically, but switching to the above
would be nice...
> For others: does the "group" specification used here respect "memberOf"?
Nope, that's an ActiveDirectory thingie.
--
Rich Graves <rcgraves@brandeis.edu>
UNet Systems Administrator