[Date Prev][Date Next] [Chronological] [Thread] [Top]

Acl options

I have been experimenting with acl's and I am curious 
what is the differens between 
addr and peername
attr and attrs

Also I found a reference to an acl option called set but I can't find
and documentation on it.

Also I seen in the mailing list archive when setting up ssf 
people use 112 bit for authetication and 128 across the wire
and I don't understand why.

In regards to performance peole say that having few acl's as possble will
guarntee macium performance. I have about 11 acl's for certain objects
and I have about 2200 objects in my ldap databse. I haven't expierenced anytype
of performance degredation. 

I am thinking about implelemting the acl domain for certain attributes
and I was wondering would it make sense from a design standpoint to use
domain or libwrap.

When dealing with indexes I am having trouble deciding how indexes should be
treated meaning should they be a equality string or a presence string. I notice
that in the *.schema files there are rules for how all objects are interpreted.
Should I just setup a default index with

index "attr" pres,eq
or look at each attr I want to index and check what how strings are governed 
in the file.

Next what is socket_url I can't seem to find much refernece to it.

When compiling openldap on a unix machine I am trying to decide which options 
to use and I can find any documentation on these options.


Lastly I was wondering if anyone on the list what using ldap to serve 
any kinds of DNS records and I was wondering how that working out for you.

Craig Hancock