
Re: User quota on openldap

fathi.engineer@gnet.tn wrote:

Having solved my previous problem (Authenticated users can create new entries but then only creator can modify entry) which resembles setting up a sticky bit on a file system directory, I am facing a new one:

How to limit the number of entries an authenticated user can add to a subtree where he has write access.
Think of it as limiting the number of entries on a user's addressbook to prevent denial of service by a user submitting a huge amount of addressbook entries or bookmark entries for a bookmark manager based on openldap.

Is there a way for openldap to count the number of entries a user has added before deciding whether to grant or deny write access to that user but always allow him to modify/delete existing entries?

Nope, but there is a setting for how many entries are returned and/or time taken. Your bookmark app could set a limit for writes also. See man slapd.conf for "limits".

Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E ghenry@OpenLDAP.org

Community developed LDAP software.
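
As an added example (not part of the original thread, and not OpenLDAP code): one way the application could cap writes itself, as the reply suggests, refusing adds past a per-user limit while always letting modify and delete through. It assumes ownership can be counted through the creatorsName operational attribute; WriteGate, InMemoryDirectory and the DNs are hypothetical, and the directory is an in-memory stand-in for the server.

```python
# Added example; WriteGate, InMemoryDirectory and all DNs are hypothetical.
class QuotaExceeded(Exception):
    """The user is at the entry limit, or the count could not be verified."""

class InMemoryDirectory:
    """Constructed stand-in for the LDAP server: a list of (dn, creatorsName)."""
    def __init__(self, entries=()):
        self.entries = list(entries)

    def count_owned(self, base_dn, creator_dn):
        # Against a real server: a subtree search under base_dn with the
        # filter (creatorsName=<creator_dn>), requesting no attributes.
        suffix = "," + base_dn.lower()
        return sum(1 for dn, creator in self.entries
                   if dn.lower().endswith(suffix)
                   and creator.lower() == creator_dn.lower())

class WriteGate:
    """Caps how many entries each user may add below base_dn."""
    def __init__(self, directory, base_dn, max_entries):
        self.directory = directory
        self.base_dn = base_dn
        self.max_entries = max_entries

    def authorize(self, op, user_dn):
        if op in ("modify", "delete"):
            return True  # never counted; who may touch which entry is left to ACLs
        if op != "add":
            raise ValueError(f"unsupported operation: {op}")
        try:
            owned = self.directory.count_owned(self.base_dn, user_dn)
        except Exception as exc:
            # Fail closed: a count cut short by a server limit is not "under quota".
            raise QuotaExceeded("quota could not be verified") from exc
        if owned >= self.max_entries:
            raise QuotaExceeded(f"{user_dn} owns {owned} of {self.max_entries}")
        return True

def demo():
    # Constructed sample data: alice already owns 2 bookmarks, the limit is 2.
    base = "ou=bookmarks,dc=example,dc=com"
    alice = "uid=alice,ou=people,dc=example,dc=com"
    entries = [(f"cn=bm{n},{base}", alice) for n in range(2)]
    gate = WriteGate(InMemoryDirectory(entries), base, max_entries=2)
    try:
        gate.authorize("add", alice)
    except QuotaExceeded:
        return gate.authorize("delete", alice), "add denied"
    return True, "add allowed"
```

The gate only holds if users reach the subtree solely through the application; a client that binds to the directory directly with write access bypasses it, and two concurrent adds can both pass the check.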