[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reloading ACLs

* Kurt D. Zeilenga
> >* Adam Tauno Williams
> >> >Hi. A quick question: is it possible to reload ACLs without restarting
> >> >the LDAP server?
> >> 
> >> No.  The best way around this is to construct "groupofuniquenames" based ACLs so
> >> you can add/remove DN's without restarting.
> >
> >Hmm.. Would it be feasible to implement this feature, or should I just
> >forget about it?
> It not feasible to implement reload of static configuration
> information without ceasing to process LDAP requests.  If
> you cease processing of LDAP requests, you might as well
> just stop and restart the process.

Ok. Thanks.

> If you want to have dynamically updatable access control
> information, use the experimental OpenLDAP ACIs code (and
> help make it non-experimental). Of course, placing access
> control information in the directory offers significant
> flexibility at significant security risk.

Aha! This sounds like what I want. But I doubt I'll look into it if I
can get what I want by using slaves. Thanks for the tip anyway.