[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL resolving

To: "OpenLDAP Software Mailinglist (E-Mail)" <openldap-software@openldap.org>
Subject: ACL resolving
From: "JUNG, Christian" <christian.jung@saarstahl.com>
Date: Wed, 10 Sep 2008 16:26:18 +0200
Content-class: urn:content-classes:message
Thread-index: AckTUTAq5ePXlcrdQGWv4b8uPrsg+w==
Thread-topic: ACL resolving

Hi,

does slapd resolve the ACLs only at start time?

I have following ACL defined:

access to *
        by group/groupOfUniqueNames/uniqueMember="cn=admins,dc=example,dc=com" write
        by * read

which should allow only members of the group cn=admins write access to the whole directory. Others may only read.

The group looks like this:

dn: cn=admins,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: admins
description: LDAP administrators
uniqueMember: cn=manager,dc=example,dc=com
uniqueMember: uid=chris,ou=user,dc=example,dc=com

If I add a member to the group, it seems that I have to restart slapd to allow the new member write access to the directory. Is this correct or am I missing something?


Bye
Chris

-- 
phone: +49 6898/10-4987
web  : www.saarstahl.de
mail : Hofstattstraße 106a
       D 66333 Voelklingen

Follow-Ups:
- Re: ACL resolving
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: sasl-secprops' minssf not setting SASL SSF correctly
Next by Date: Re: 2-way Multimaster replication (including configuration) and TLS certificate
Index(es):
- Chronological
- Thread