DynACL: pluggable access control configuration
The dynacl infrastructure is a native OpenLDAP layer of run-time loadable access control. It allows customizing the <who> clause of the <access> directive in a manner that is much lighter than overlays, since it only impacts access control, and it is fully harmonized with slapd's conventional ACLs, i.e. it is intermixed with the frontend access control lists.

NOTE: dynacl is experimental; this means that the API and the syntax may change over time as required by its development.

The syntax of dynacl is:
    access to <what>
        by dynacl/<name>[/<options>][.<dynstyle>][=<pattern>] <access> [<control>]
where only the <name> field is required, since it identifies which module must be called. More than one module can be listed; they are invoked in the order listed. The other parameters are passed to the parsing function of the module.

The module is expected to provide an access mask, or to modify the current one, within the <access> mask that is provided in the configuration line. This means that

    access to *
        by dynacl/<name> write
will allow that module to grant up to write access, while
    access to *
        by dynacl/<name> =xr
will allow the same module to grant auth (=x) or read (=r) access or both, but no other access privilege.
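
A small audit helper for the rule above, added here as an example and not part of OpenLDAP or the original FAQ: it finds each "by dynacl/..." clause in a configuration and reports the most that module can grant. The level-to-privilege table follows slapd.access(5); the module name "example" and the sample configuration are constructed, and only access levels and "=" privilege sets are handled.

```python
import re

# Access levels in increasing order and the privilege letter each one adds,
# per slapd.access(5); a level implies all lower ones. Not from the FAQ page.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
LEVEL_PRIVS = ["", "d", "x", "c", "s", "r", "w", "m"]

# by dynacl/<name>[/<options>][.<dynstyle>][=<pattern>] <access> [<control>]
BY_DYNACL = re.compile(r"^\s*by\s+dynacl/([^/.=\s]+)(\S*)\s+(\S+)")

def access_cap(access):
    """Return the set of privilege letters an <access> field allows."""
    if access.startswith("="):
        return set(access[1:]) - {"0"}
    if access in LEVELS:
        return set("".join(LEVEL_PRIVS[: LEVELS.index(access) + 1]))
    raise ValueError(f"unsupported <access> form: {access!r}")

def effective_grant(module_wants, access):
    """Privileges actually granted: the module's mask clipped to the cap."""
    return set(module_wants) & access_cap(access)

def audit(conf_text, risky="wazm"):
    """List (line_no, module, cap, is_risky) for every dynacl <who> clause."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = BY_DYNACL.match(line)
        if m:
            cap = access_cap(m.group(3))
            letters = "".join(sorted(cap))
            findings.append((no, m.group(1), letters, bool(cap & set(risky))))
    return findings

# Constructed sample configuration; "example" is a hypothetical module name.
SAMPLE = """\
access to *
    by dynacl/example write
    by * none
access to attrs=userPassword
    by dynacl/example =xr
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Clauses flagged as risky are the ones where a bug or misconfiguration in the loaded module could result in write or manage access being granted.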

Official dynacl modules:
ACI (experimental inside-the-tree access controls)

Contribware dynacl modules:
posixgroup

Unofficial dynacl modules:

This document is: http://www.openldap.org/faq/index.cgi?file=1287
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org