[Date Prev][Date Next]
Re: User quota on openldap
Having solved my previous problem (Authenticated users can create new entries but then only creator can modify entry) which resembles setting up a sticky bit on a file system directory, I am facing a new one:
How to limit the number of entries an authenticated user can add to a subtree where he has write access.
Think of it as limiting the number of entries on a user's addressbook to prevent denial of service by a user submitting a huge amount of addressbook entries or bookmark entries for an bookmark manager based on openldap.
Is there a way for openldap to count the number of entries a user has added before deciding whether to grant or deny write access to that user but always allow him to modify/delte existing entries.
Nope, but there is a setting for how many entries are returned and/or
time taken. Your bookmark app could set a limit for writes also. See man
slapd.conf for "limits".
OpenLDAP Engineering Team.
Community developed LDAP software.