[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Modifying ACIs programmatically?

--On Monday, November 07, 2005 8:00 PM -0700 Betty Graupe <bgraupe@novell.com> wrote:

Hi all,

I'm using OpenLDAP 2.2.23, and have a question about modifying
access controls on objects (entries) and attributes, from a
program using the OpenLDAP client API (i.e. using ldap_modify_s()
specifying the required pieces of information in the array of
LDAPMod structures passed in).

Is it possible to do this?

I've searched all over Google, and can find lots of information
on changing access controls from the slapd.conf file using the
text-based "access to" directives, but I don't see any samples
of how this can be done programmatically.

If it is possible, any pointers to books, documentation, sample
code, etc. would be greatly appreciated.

I would suggest looking at the OpenLDAP 2.3 cn=config backend, where you can modify ACL's programatically. ACL's are much more secure than ACI's.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin