[Date Prev][Date Next]
Re: ACLs based on attributes?
Quoting Dieter Kluenter <email@example.com>:
description: titlemanager telephonemanager addressmanager
This is a single value, you actually want a multi valued attribute type.
Did you define an index for description? ...
No, but that sounds like a good idea.
Quoting Howard Chu <firstname.lastname@example.org>:
It is unnecessary. The description attribute is multivalued, just use
Okay, then the set rule is obviously fine the way it is.
I'll also note that using a set for this purpose is still inferior
to using a dynamic group, in terms of performance. Dynamic group
evaluations are cached, sets are not.
If this "set" solution were to be used on a DIT with 100,000 entries,
would it really slow things down significantly, assuming the
description attribute was indexed?