Re: Oracle OpenLDAP PPolicy ppolicy and the hierarchy

[Dieter KlÃnter <dieter@dkluenter.de>]

Am Mon, 23 Dec 2013 18:16:29 +0000
schrieb David Barr <David.Barr2@mclaneat.com>:

> In Use:  Oracle OpenLDAP 2.4.30, I cannot change to the OpenLDAP
> version that one can compile. Problem:  I have the module and overlay
> in the conf files and slaptest says it's fine.  Both files are from
> Openldap.org version 2.4.37But how do I test it?
> 
> I have created unix shell scripts to do actions like add, delete,
> modify, view, etc. I can share these if requested.
> 
> But I am unsure on the lock, unlock, policy stuff.
> 
> Also, How should the OpenLDAP hierarchy look?
> 
> Here's mine:
[...]

I am not arguing your tree design, because it is your decision how to
design a tree according to your requirements.
Giovanni Baruzzi had given presentation about directory design at
LDAPcon-2007 
http://www.guug.de/veranstaltungen/ldapcon2007/slides/Design-of-a-Directory-Information-Tree-presentation.pdf
hopefully this paper will give you some hints.
Locking and unlocking a database operation is not a user operation,
same as locking and unlocking a file on a file system.
With regard to policy, better known as access control, you may  read
http://www.openldap.org/faq/data/cache/189.html
as a starting point, the manual page slapd.access(5) provides further
information.

-Dieter

--
Dieter KlÃnter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53Â37'09,95"N
10Â08'02,42"E