olcAccess best practices


I was wondering if there exists a best practices guide to crafting olcAccess rules?

For example:
Should I create a single entry per account I want to give access, granting all attributes they would need read/write access to with a particular filter?
Or would I be better off grouping access granting to members of the groups and adding individual rules for special edge cases?
Or are both these ideas off base and something else would be preferred?

Currently I am granting access by groups with access to collections of attributes; however, as I am discovering that some accounts need access to those attributes with different filters, my rules are continually shifting and growing.

Thank You,
-Russell Janceiwcz
University of Connecticut