[Date Prev][Date Next]
Re: Reloading ACLs
At 02:56 PM 1/4/01 +0100, Vetle Roeim wrote:
>* Adam Tauno Williams
>> >Hi. A quick question: is it possible to reload ACLs without restarting
>> >the LDAP server?
>> No. The best way around this is to construct "groupofuniquenames" based ACLs so
>> you can add/remove DN's without restarting.
>Hmm.. Would it be feasible to implement this feature, or should I just
>forget about it?
It not feasible to implement reload of static configuration
information without ceasing to process LDAP requests. If
you cease processing of LDAP requests, you might as well
just stop and restart the process.
If you want to have dynamically updatable access control
information, use the experimental OpenLDAP ACIs code (and
help make it non-experimental). Of course, placing access
control information in the directory offers significant
flexibility at significant security risk.