[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Need Schema for aci attribute




Quoting Howard Chu <hyc@symas.com>:

Mike Jackson wrote:

Quoting Dieter KlÃnter <dieter@dkluenter.de>:

The attribute type is openLDAPaci. The model is based on
http://tools.ietf.org/html/draft-ietf-ldapext-acl-model-08


Does this FAQ-O-Matic still represent the current situation regarding
the semantics and not recommended for general use?

Yes.


OK, thanks for clarification from both you, Howard, and Dieter. I like in-tree ACIs for the reason that they are replicated without too much concern. OTOH, the olcAccess semantics are very powerful compared to the SUN/Netscape semantics.

The key thing I desire, I suppose, is replicated schema and ACI, but not some/most of the other parts of cn=config. I, like the previous poster today, would like to be able to dynamically adjust logging levels on a per-server basis while replicating other matters of policy. I think it just means a bit more work on the syncrepl access control. Small price to pay for such power, and don't require much touching after initial config anyway, IMO.

-mike