[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Are sets "production ready"?

Tomasz Lesniewski wrote:
I would like to use sets in my openldap ACLs, but i'm worried about "Sets are
considered experimental"as is written in docs

Is anybody using sets in production environment without problems? Are there
any known issues with sets? Or is known when sets will be ready to use?

I put one setup with many set ACLs in production. Sets work as intended but are not documented very well. It costs some time to get it right. It's a good idea to implement ACL regression testing.

The main problem with sets: They are slow - I mean really slow.

But if high performance is not your main goal you can set up very paranoid access control with sets.

I will show a demo of a similar setup this weekend at the OpenLDAP booth at Chemnitzer Linuxtage:


See also my presentation of this stuff this Sunday:


Ciao, Michael.

Michael Ströder
E-Mail: michael@stroeder.com

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature