[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Configuring access control

To: Florida Estrella Cainglet <Florida.Estrella@cern.ch>
Subject: Re: Configuring access control
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 19 Mar 2003 18:22:33 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <D518413EB875E849ACC5EA71BE45312B0AB165@cernxchg04.cern.ch>
Organization:
References: <D518413EB875E849ACC5EA71BE45312B0AB165@cernxchg04.cern.ch>

ons, 2003-03-19 kl. 16:10 skrev Florida Estrella Cainglet:

> OpenLDAP Manual
> Chapter 5 The slapd Configuration File
> Section 5.3 Access Control
> "Access to slapd entries... by access configuration file directive..."
> 
> Implying that access control is solely file-based, ie code-based
> config/reconfig of acls not possible.
> 
> Is my understanding correct?

Depends on your version.

A codeable form is available in 2.1.x, though few use it. In para. 5.3
of the Admin guide you'll find a very cryptic single line; in 'man
slapd.access' details and in Adam Williams'
ftp://ftp.kalamazoolinux.org/pub/pdf/ldapv3.pdf a comprehensive
explanation with, as adjoinder, words to the effect of: "not advisable".

The main reason is, that once implemented, ACLs rarely need to be
changed.

Best,

Tony

-- 

Tony Earnshaw

247,035 lemmings can't be wrong ...
Ask the man from Framfjord

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

References:
- Configuring access control
  - From: "Florida Estrella Cainglet" <Florida.Estrella@cern.ch>

Prev by Date: Re: Configuring access control
Next by Date: Re: mhs* Attributes
Index(es):
- Chronological
- Thread