[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Human-friendly olcAccess management



Bogdan Rudas wrote:
> I would like to start use of olcAccess rules, are there human-friendly
> editor for that ACLs?
> I can't even use line breaks in ldif file to make my restrictions a bit
> more readable! I strongly dislike very long string values, one day this
> will cause mistake and access violation.

That's the reason why I still strongly recommend to use static configuration
files, especially when setting up slapd via puppet with .erb templates.

Last week I had to modify some ACLs in cn=config. It took me much more time to
do this than modifying a static configuration.

I'm currently playing with 'olcAccess' attribute handling in my web2ldap.
It's very cumbersome:
Normally web2ldap trys to preserve exactly what's in a LDAP entry when
generating the input form for modification so that there won't be any
modification if the user did not alter any value but accidently hit the submit
button. I could not figure out how to achieve this with all the white-spacing
variants olcAccess values can contain because normalizing the values in some
way would likely lead to a different value.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature