[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "dynamic" acls

To: openldap-software@OpenLDAP.org
Subject: Re: "dynamic" acls
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 21 Jan 2004 14:08:05 -0800
Content-disposition: inline
In-reply-to: <400EF3FD.40103@speakeasy.org>
References: <20040121203348.373e97ac@earth.bx> <597790557.1074686794@cadabra.stanford.edu> <400EF3FD.40103@speakeasy.org>

--On Wednesday, January 21, 2004 4:49 PM -0500 John Ziniti <jziniti@speakeasy.org> wrote:

Quanah Gibson-Mount wrote:

--On Wednesday, January 21, 2004 8:33 PM +0100 Alexander Blüm
<mailinglists1@gmx.de> wrote:

is it possible to apply new acl rules without restarting slapd?

like disallowing some users acces to a certain branch of the ldap
tree...

That is not possible at this time with ACL's.


One thing you can do, however, is set up an ACL which applies the
rule you would like to a certain *group* in the LDAP tree, and then
add users to that group.  Not quite as dynamic as you might like,
but you can use it to achieve the desired effect under certain
circumstances.  You have to have a good idea beforehand, however,
of how your tree will be arranged, and what "permissions" you
want to apply.

True, and we do have some groups like that here... But still, I would like to see dynamic ACL's. :)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- "dynamic" acls
  - From: Alexander Blüm <mailinglists1@gmx.de>
- Re: "dynamic" acls
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: "dynamic" acls
  - From: John Ziniti <jziniti@speakeasy.org>

Prev by Date: Redhat 9 problems
Next by Date: Re: stable releases
Index(es):
- Chronological
- Thread