[Date Prev][Date Next]
Re: Access control
On Tue, 25 May 2004, John Borwick wrote:
> Here's a rule I wrote yesterday:
> access to dn.subtree="ou=Users,dc=wfu,dc=edu"
> by * read
What is the performance impact of this?
For legacy reasons (early implementations of openldap and Netscape DS),
Brandeis still implements this sort of thing by leaving private attributes
*blank* and defining "brFerpaMail" etc. attributes that particular
applications need to look for specifically, but switching to the above
would be nice...
> For others: does the "group" specification used here respect "memberOf"?
Nope, that's an ActiveDirectory thingie.
Rich Graves <firstname.lastname@example.org>
UNet Systems Administrator