Hi,
Having solved my previous problem (Authenticated users can create new entries but then only creator can modify entry) which resembles setting up a sticky bit on a file system directory, I am facing a new one:
How to limit the number of entries an authenticated user can add to a subtree where he has write access. Think of it as limiting the number of entries on a user's addressbook to prevent denial of service by a user submitting a huge amount of addressbook entries or bookmark entries for an bookmark manager based on openldap.
Is there a way for openldap to count the number of entries a user has added before deciding whether to grant or deny write access to that user but always allow him to modify/delte existing entries.
fathi.engineer@gnet.tn wrote:
Hi,
Having solved my previous problem (Authenticated users can create new entries but then only creator can modify entry) which resembles setting up a sticky bit on a file system directory, I am facing a new one:
How to limit the number of entries an authenticated user can add to a subtree where he has write access. Think of it as limiting the number of entries on a user's addressbook to prevent denial of service by a user submitting a huge amount of addressbook entries or bookmark entries for an bookmark manager based on openldap.
Is there a way for openldap to count the number of entries a user has added before deciding whether to grant or deny write access to that user but always allow him to modify/delte existing entries.
Nope, but there is a setting for how many entries are returned and/or time taken. Your bookmark app could set a limit for writes also. See man slapd.conf for "limits".
openldap-software@openldap.org
-
fathi.engineer@gnet.tn -
Gavin Henry