[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "dynamic" acls



Quanah Gibson-Mount wrote:
--On Wednesday, January 21, 2004 8:33 PM +0100 Alexander Blüm <mailinglists1@gmx.de> wrote:
is it possible to apply new acl rules without restarting slapd?

like disallowing some users acces to a certain branch of the ldap
tree...

That is not possible at this time with ACL's.

One thing you can do, however, is set up an ACL which applies the rule you would like to a certain *group* in the LDAP tree, and then add users to that group. Not quite as dynamic as you might like, but you can use it to achieve the desired effect under certain circumstances. You have to have a good idea beforehand, however, of how your tree will be arranged, and what "permissions" you want to apply.

HTH,
JZ