[Date Prev][Date Next]
Re: Reloading ACLs
* Kurt D. Zeilenga
> >* Adam Tauno Williams
> >> >Hi. A quick question: is it possible to reload ACLs without restarting
> >> >the LDAP server?
> >> No. The best way around this is to construct "groupofuniquenames" based ACLs so
> >> you can add/remove DN's without restarting.
> >Hmm.. Would it be feasible to implement this feature, or should I just
> >forget about it?
> It not feasible to implement reload of static configuration
> information without ceasing to process LDAP requests. If
> you cease processing of LDAP requests, you might as well
> just stop and restart the process.
> If you want to have dynamically updatable access control
> information, use the experimental OpenLDAP ACIs code (and
> help make it non-experimental). Of course, placing access
> control information in the directory offers significant
> flexibility at significant security risk.
Aha! This sounds like what I want. But I doubt I'll look into it if I
can get what I want by using slaves. Thanks for the tip anyway.