(Answer) (Category) OpenLDAP Faq-O-Matic : (Category) OpenLDAP Software FAQ : (Category) Configuration : (Category) SLAPD Configuration : (Category) Access Control : (Category) Access control customization : (Answer) Access control by overlays
Overlays allow access control customization by providing a bi_access_allowed hook.

This function is called whenever accessing a specific value of an attribute of an entry, so it gives the highest granularity and flexibility in implementing custom access control that can entirely bypass the functionalities provided by slapd.

When an overlay that provides the bi_access_allowed hook is instantiated, the control during access checking is passed to the overlay's function first. That function may return 0 (deny) or 1 (grant); in this case, the result value is immediately returned to the caller.

If that function returns SLAP_CB_CONTINUE, the control is passed to the following overlay in the list, and eventually to the database specific function, if any, or to the frontend function for conventional access checking.

[Append to This Answer]
Previous: (Answer) Sets
Next: (Answer) Access control by SLAPI
This document is: http://www.openldap.org/faq/index.cgi?file=1285
[Search] [Appearance]
This is a Faq-O-Matic 2.721.test.
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org