[Date Prev][Date Next] [Chronological] [Thread] [Top]

Questions on ACL

To: openldap-software@OpenLDAP.org
Subject: Questions on ACL
From: Etienne Goyer <etienne.goyer@linuxquebec.com>
Date: Thu, 13 Feb 2003 11:23:49 -0500
Content-disposition: inline
User-agent: Mutt/1.2.5.1i

Hi,

I am currently in the planification phase a large-scale installation of 
OpenLDAP for a client.  The installation will be used as address book 
and authentification repository for various system with 12 000 users at
first (expected to grow near 100 000 in the future).

I have of the most of the issue sorted out (backup, replication, schema, 
etc) but I still have a few interrogations concerning ACLs.

First, can the ACL directives be stored outside of slapd.conf ?  For
obvious reasons, access to this file have to be pretty much restricted.
If not, that would forbid deleguation of ACL management.

Second, is there a way to have changes in ACLs directive applied without
restarting the service ?

Third, is there a performance penalities for having a lot of ACL
directives ?  As a side question, how are ACL processed ?  Are they
applied before the search or on the results set ?

Thanks for your insight.  Pointer to doc explaining these issue are
welcome.  So far, my search for answers to these questions have been
fruitless.
  

-- 
Etienne Goyer                    Linux Québec Technologies Inc.
http://www.LinuxQuebec.com       etienne.goyer@linuxquebec.com
PGP Pub Key: http://www.LinuxQuebec.com/pubkeys/eg.key 
Fingerprint: F569 0394 098A FC70 B572  5D20 3129 3D86 8FD5 C853

Follow-Ups:
- Re: Questions on ACL
  - From: Jeremy Kuhnash <lists@planetzed.net>
- Re: Questions on ACL
  - From: Jeremy Kuhnash <lists@planetzed.net>

Prev by Date: Re: ldapsearch on referrals
Next by Date: RE: openldap and SSL with AD
Index(es):
- Chronological
- Thread