[Date Prev][Date Next] [Chronological] [Thread] [Top]

Changing ACLs in dynamic configuration off-line

To: openldap-technical@openldap.org
Subject: Changing ACLs in dynamic configuration off-line
From: Nick Milas <nick@eurobjects.com>
Date: Fri, 13 Jan 2012 23:11:25 +0200
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20111222 Thunderbird/9.0.1

When we want to do some non-trivial re-engineering in ACLs, on-lineconfiguration using ldapmodify might be cumbersome.

So I think we could slapcat the config database, change ACLs in theoutput, and slapadd it while the server is offline.

So, if we have a set of >100 ACL rules and we want to add one ACL ruleafter, say, 22, would we have to *manually* renumber all the ACLs afterthe new 23 so that they are numbered n+1? Or, when the config db isread, is OpenLDAP able to resolve such conflicts (two ACLs with the samenumber) and renumber automatically? If so, what is the logic?

(Maintenance of ACLs in the dynamic configuration remains one of myconcerns.)


Thanks,
Nick

Follow-Ups:
- Re: Changing ACLs in dynamic configuration off-line
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Heavy load problems
Next by Date: Re: Changing ACLs in dynamic configuration off-line
Index(es):
- Chronological
- Thread