[Date Prev][Date Next] [Chronological] [Thread] [Top]

olcPcacheAttrset/olcPcacheTemplate values for set acl

To: openldap-technical@openldap.org
Subject: olcPcacheAttrset/olcPcacheTemplate values for set acl
From: Tio Teath <tioteath@gmail.com>
Date: Tue, 20 Nov 2012 00:39:46 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=ko9TMRU0Y+MTpqwk0zn4u0zmXxvIfqhzP8TeX0rjaxM=; b=lY2BLaDftglSTzG9CEjX/IUUKORnh+aKQw/BUSN4XL0fDbRfDu1YFDhGgcZb8Pkl5x RjxlMe/ddacAjAaTWsjn9FjpC0hdbsi57OyatGJ74Jo+Zbr0ATBJvS4FafjTHNaUGhWM C9iIVTyMbQ6a943bPX98DuD497/6B6zTACmy3WzHK2tzKm1Y8G6ZAC3AZyvHAT5Lq/V+ qvkb8hwqMu6OiubiF7CrEJw82khS9fLfkJNSovL9SKoqe75OTDkUw5ZpNbFjmQtdIV7E uwPv/GbwH5peolF1CVojV8GlsjVMdxy8f74UQbYy5xcrydTuq+HJAonQSd8sKPjM9GEv xWSg==

I'm trying to write ACL, using set entries, like this:
to * by set="[cn=remote group,dc=host]/member & user" write,
where cn=remote group,dc=host is a remote group, available via ldap-proxy.
The remote group looks like this:
dn: cn=remote group,dc=host
cn: remote
member: cn=user1,ou=users,dc=host
member: cn=user2,ou=users,dc=host
objectClass: group

It works fine, except it raises search query to remote ldap server
each time, I'm trying to search against objects, the ACL applies.  Is
it possible to set up pcache overlay to handle such kind of requests
to speed up ACL processing?
Which values  olcPcacheAttrset and olcPcacheTemplate attributes should have?

Prev by Date: Re: OpenLDAP-Client TLS
Next by Date: Re: OpenLDAP-Client TLS
Index(es):
- Chronological
- Thread