(Category) (Category) OpenLDAP Faq-O-Matic : (Category) OpenLDAP Software FAQ : (Category) Configuration : (Category) SLAPD Configuration : (Category) Access Control : (Category) Access control customization
Access control can be customized by adding custom code that takes control when access to a certain datum is being checked.

Currently, overlays, SLAPI and DynACL are the mechanisms supported by slapd that allow to write custom code to check access. Their features are much different, and the choice of the "best" solution may not be trivial.

Overlays (and SLAPI, which is currently wrapped into an overlay), are designed to allow the insertion of custom code within the execution of regular operations. Among the other phases of operation handling, they provide a sort of a replacement of the frontend access control capabilities, with the possibility to fall thru to conventional access control as a last resort.

DynACL, instead, is expressely designed as an access control layer; it provides granular access control capabilities cast into the conventional frontend access control.

ACI in OpenLDAP 2.3 has been moved under the DynACL framework. Its functionality and its configuration didn't change.
Answers in this category:
(Answer) Sets
(Answer) Access control by overlays
(Answer) Access control by SLAPI
(Category) DynACL: pluggable access control configuration
(Category) Contribware
[New Answer in "Access control customization"]
Previous: (Category) More information about Access Control
Next: (Answer) Where can I learn more about regular expressions?
This document is: http://www.openldap.org/faq/index.cgi?file=1284
[Search] [Appearance] [Show This Entire Category]
This is a Faq-O-Matic 2.721.test.
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org