[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: User quota on openldap

To: fathi.engineer@gnet.tn
Subject: Re: User quota on openldap
From: Gavin Henry <ghenry@OpenLDAP.org>
Date: Wed, 13 Aug 2008 23:42:52 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20080806141757.BWN40770@mailbox1.gnet.tn>
Organization: OpenLDAP Project
References: <20080806141757.BWN40770@mailbox1.gnet.tn>
User-agent: Thunderbird 2.0.0.16 (X11/20080707)

fathi.engineer@gnet.tn wrote:

Hi,

Having solved my previous problem (Authenticated users can create new entries but then only creator can modify entry) which resembles setting up a sticky bit on a file system directory, I am facing a new one:

How to limit the number of entries an authenticated user can add to a subtree where he has write access.
Think of it as limiting the number of entries on a user's addressbook to prevent denial of service by a user submitting a huge amount of addressbook entries or bookmark entries for an bookmark manager based on openldap.

Is there a way for openldap to count the number of entries a user has added before deciding whether to grant or deny write access to that user but always allow him to modify/delte existing entries.

Nope, but there is a setting for how many entries are returned and/or time taken. Your bookmark app could set a limit for writes also. See man slapd.conf for "limits".

--
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.

http://www.openldap.org/project/

References:
- User quota on openldap
  - From: <fathi.engineer@gnet.tn>

Prev by Date: Re: delta-syncrepl only replicates some data (attempting N-way master)
Next by Date: Re: translucent overlay and binding
Index(es):
- Chronological
- Thread