
Re: Access control config revisited



Mon, 29.12.2003 at 16.24, rickmesh01@netscape.net wrote:

> Sorry I wasn't very clear.  I got the terms from the OpenLDAP
> Admin User Guide 2.1 chapter 1.2.  I'm starting from the very
> beginning.

Ah. There's recently been some discussion on this list of the DN naming
system to use - and the general opinion seems to be that it all depends
on what you need it for. You might like to search on Google or
alltheweb, starting a month or so ago.

I was weaned on the X.500 style with CN, OU, O, C because that's what
Novell used for NDS - but by the time I started with Openldap I'd long
become an Internet DNS person and found the Internet naming system with
CN, UID, OU, O, DC etc to have wider application. For example, to take
an X.500 DN ending with C=US is o.k., but if you want to map a group of
directories for American universities, it'd be easier to have the last
component as DC=EDU. Similarly, a group of directories for British
universities would end in DC=AC,DC=UK.

There's a third one too, which at the moment I don't understand much of,
although I use it for Openldap SASL AUTH. That's the one with things
like CN=DIGEST-MD5,CN=AUTH at the end.

> I have looked at some of the rfc's but that stuff is thick.

Yes, but that's where you'll find what you're looking for. The Openldap
source code tarballs come with a docs/rfc directory with all the relevant
rfcs, that'll tell you all you want to know. Especially rfc2214, rfc3088,
rfc3296.txt. There's even an INDEX file for them all.

> I have also looked at the O'Reilly book but the whole chapter
> just on ACLs is not there.

An awful lot of people would welcome comprehensive docs on Openldap
ACLs.

> I am saving the responses to other ACL questions to help me  
> write my own ACLs.

Again, go back and search in the archives for postings on ACLs. There's
been a tremendous amount during the last year - even the last month -
giving all sorts of info and many posters may not feel inclined to answer,
since the info is already there. 

>   But I am still unsure which directory tree structure we should use.

Then read the rfcs and take your choice ;)

--Tonni


-- 
mail: billy - at - billy.demon.nl
http://billy.demon.nl