[Date Prev][Date Next]
Re: ACIs and OL 2.3, rfc ?
Quoting Pierangelo Masarati <email@example.com>:
> Finally, right now access control on OpenLDAP's slapd can be
> modified without the need to stop and restart it, by means of
Sounds cool. I'll have a look at it. But I gather that is just
ACL's in the database?
And the very consept of ACL is worse than whatever you can think
of regarding ACI's. If I want to give ONE user access to ONE
attribute in ONE object (and many such rules), then ACLs would
very quickly become ... unmanagable. With ACI's its very obvious
> there is work in progress to allow configuration
> replication. As such, OpenLDAP offers better means to achieve the
> same purpose without ACIs, with the access determinism guaranteed by
> avoiding the use of ACIs.
I argue against the word 'same'. But the meaning of the exact word
I guess you're right, I'd say just _a lot_ more complicated/unmanagable
in the long run...