DynACL: pluggable access control configuration
The dynacl infrastructure is a native OpenLDAP layer
of run-time loadable access control that allows customizing
the <who> clause of the <access> directive
in a manner that is much lighter than overlays,
since it only impacts access control, and is fully harmonized
with slapd's conventional ACLs, i.e. it is intermixed
with the frontend access control lists.
NOTE: dynacl is experimental; this means that the API and the syntax
may change over time as required by its development.
The syntax of dynacl is:

    access to <what> by dynacl/<name>[/<options>][.<dynstyle>][=<pattern>] <access> [<control>]

where only the <name> field is required,
since it identifies what module must be called.
More than one module can be listed; they are invoked in the order listed.
The other parameters are passed to the parsing function of the module.
The module is expected to provide an access mask, or to modify the current one,
within the <access> mask that is provided
in the configuration line.
This means that

    access to * by dynacl/<name> write

will allow that module to grant up to write access, while

    access to * by dynacl/<name> =xr

will allow the same module to grant auth (=x) or read (=r) access or both, but no other access privilege.
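
The capping rule described above, modelled as an added Python example (not OpenLDAP code): it splits a <who> clause along the grammar shown and intersects a module's proposed grant with the clause's <access> mask. The module name "demo", the regex reading of the grammar, and the restriction to levels and "=" privilege sets are assumptions; the privilege letters follow slapd.access(5).

```python
import re

# Access levels from slapd.access(5), lowest first, with the privilege
# letters each one adds; "w" (write) is the combination of add (a) and delete (z).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ADDS = ["", "d", "x", "c", "s", "r", "az", "m"]

# Assumed reading of: dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]
WHO_RE = re.compile(
    r"^dynacl/(?P<name>[^/.=\s]+)"
    r"(?:/(?P<options>[^.=\s]+))?"
    r"(?:\.(?P<dynstyle>[^=\s]+))?"
    r"(?:=(?P<pattern>\S*))?$"
)

def parse_who(who):
    """Split a dynacl <who> clause into its fields (absent fields are None)."""
    m = WHO_RE.match(who)
    if m is None:
        raise ValueError("not a dynacl <who> clause: %r" % who)
    return m.groupdict()

def access_mask(access):
    """Turn an <access> level ("write") or privilege set ("=xr") into a set of letters."""
    if access.startswith("="):
        letters = access[1:]
        if not letters or set(letters) - set("0dxcsrwazm"):
            raise ValueError("bad privilege set: %r" % access)
        return set(letters.replace("w", "az")) - {"0"}
    if access not in LEVELS:
        raise ValueError("unknown access level: %r" % access)
    return set("".join(ADDS[: LEVELS.index(access) + 1]))

def effective_grant(clause_access, module_grant):
    """A module's grant only counts where the clause's <access> mask allows it."""
    return access_mask(module_grant) & access_mask(clause_access)

def fmt(privs):
    """Render a privilege set as "=..." with a+z folded back into w."""
    p = set(privs)
    if {"a", "z"} <= p:
        p = (p - {"a", "z"}) | {"w"}
    return "=" + ("".join(c for c in "mwazrscxd" if c in p) or "0")

if __name__ == "__main__":
    print(parse_who("dynacl/demo/opt.exact=cn=admin,dc=example,dc=com"))
    for clause, wanted in [("write", "manage"), ("=xr", "write"), ("=xr", "=w")]:
        print(clause, wanted, "->", fmt(effective_grant(clause, wanted)))
```

A module that tries to grant manage under a "write" clause ends up with write and everything below it; under "=xr" a module offering only write contributes nothing.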
Official dynacl modules: ACI (experimental inside-the-tree access controls)
Contribware dynacl modules:
Unofficial dynacl modules: