Changing ACLs in dynamic configuration off-line
- To: email@example.com
- Subject: Changing ACLs in dynamic configuration off-line
- From: Nick Milas <firstname.lastname@example.org>
- Date: Fri, 13 Jan 2012 23:11:25 +0200
- User-agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
When we want to do some non-trivial re-engineering in ACLs, on-line
configuration using ldapmodify might be cumbersome.
So I think we could slapcat the config database, change ACLs in the
output, and slapadd it while the server is offline.
So, if we have a set of >100 ACL rules and we want to add one ACL rule
after, say, 22, would we have to *manually* renumber all the ACLs after
the new 23 so that they are numbered n+1? Or, when the config db is
read, is OpenLDAP able to resolve such conflicts (two ACLs with the same
number) and renumber automatically? If so, what is the logic?
(Maintenance of ACLs in the dynamic configuration remains one of my