|OpenLDAP Faq-O-Matic : OpenLDAP Software FAQ : Configuration : SLAPD Configuration : Access Control : Access control customization|
Access control can be customized by adding custom code that takes control when access to a certain datum is being checked.
Currently, overlays, SLAPI and DynACL
are the mechanisms supported by slapd that allow to write custom code
to check access. Their features are much different, and the choice
of the "best" solution may not be trivial.
Overlays (and SLAPI, which is currently wrapped into an overlay),
are designed to allow the insertion of custom code within the execution of regular operations.
Among the other phases of operation handling, they provide a sort of
a replacement of the frontend access control capabilities,
with the possibility to fall thru to conventional access control as a last resort.
DynACL, instead, is expressely designed as an access control layer;
it provides granular access control capabilities cast into
the conventional frontend access control.
ACI in OpenLDAP 2.3 has been moved under the DynACL framework.
Its functionality and its configuration didn't change.
|Answers in this category:|
Access control by overlays
Access control by SLAPI
DynACL: pluggable access control configuration
|[New Answer in "Access control customization"]|
|Previous:||More information about Access Control|
|Next:||Where can I learn more about regular expressions?|