[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reloading ACLs

To: Vetle Roeim <vetle@opera.com>
Subject: Re: Reloading ACLs
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 04 Jan 2001 10:53:49 -0800
Cc: Adam Tauno Williams <adam@morrison-ind.com>, Vetle Roeim <vetle@opera.com>, openldap-software@OpenLDAP.org
In-reply-to: <yay1yujzaii.fsf@tva.ifi.uio.no>
References: <978614444.3a5478ac1eb16@barracuda> <yayk88bzekg.fsf@tva.ifi.uio.no> <978614444.3a5478ac1eb16@barracuda>

At 02:56 PM 1/4/01 +0100, Vetle Roeim wrote:
>* Adam Tauno Williams
>> >Hi. A quick question: is it possible to reload ACLs without restarting
>> >the LDAP server?
>> 
>> No.  The best way around this is to construct "groupofuniquenames" based ACLs so
>> you can add/remove DN's without restarting.
>
>Hmm.. Would it be feasible to implement this feature, or should I just
>forget about it?

It not feasible to implement reload of static configuration
information without ceasing to process LDAP requests.  If
you cease processing of LDAP requests, you might as well
just stop and restart the process.

If you want to have dynamically updatable access control
information, use the experimental OpenLDAP ACIs code (and
help make it non-experimental). Of course, placing access
control information in the directory offers significant
flexibility at significant security risk.

Kurt

Follow-Ups:
- Re: Reloading ACLs
  - From: Vetle Roeim <vetle@opera.com>

References:
- Re: Reloading ACLs
  - From: Adam Tauno Williams <adam@morrison-ind.com>
- Reloading ACLs
  - From: Vetle Roeim <vetle@opera.com>
- Re: Reloading ACLs
  - From: Vetle Roeim <vetle@opera.com>

Prev by Date: Re: Reloading ACLs
Next by Date: Re: 2.x to 1.x replication
Index(es):
- Chronological
- Thread