Hi,
I’m setting up a new OpenLDAP infrastructure on Solaris, where the directory will be critical and we need to keep a tight control on the changes made to it. The changes will come from an external feed, and as an extra safety measure to protect against software bugs that could otherwise cripple our infrastructure, we would like to put an overlay into the directory server that will make sure that the changes being made to the directory do not break some basic business rules we are defining.
The rules will be along these lines:
- Do not allow more than 10% of entries underneath a given DIT to be modified in less than a 24-hour period
- Entries underneath a given DIT must have a specified list of object classes and attributes defined
- Do not permit modrdn under a given DIT
- Attribute values match a particular defined set of REs (I can do this with the constraint overlay)
- Some critical entries cannot be modified or removed (I can do this with access control lists)
- Some attributes not used in the DN must be unique (I can do this with the unique overlay)
So I’m ok with the last three, but any suggestions for the first three? Has anyone else implemented similar overlays already?
Thanks & regards,
Mark Bannister.
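
The decision logic behind the first three rules, as an added example that is not part of the original message and is not slapd overlay code. It assumes a constructed base DN, constructed required object classes and attributes, and a hypothetical `ChangeGuard` class; the required-attribute rule is checked on adds only, and the 10% rule counts distinct entries changed in a sliding 24-hour window.

```python
from datetime import datetime, timedelta

# Constructed policy values (assumptions, not from the original message).
PROTECTED_BASE = "ou=people,dc=example,dc=com"
REQUIRED_CLASSES = {"inetorgperson", "posixaccount"}
REQUIRED_ATTRS = {"uid", "cn", "uidnumber"}
MAX_FRACTION = 0.10
WINDOW = timedelta(hours=24)


def under_base(dn, base=PROTECTED_BASE):
    """True if dn lies strictly below base. Naive split: ignores escaped commas."""
    norm = lambda d: ",".join(p.strip().lower() for p in d.split(","))
    return norm(dn).endswith("," + norm(base))


class ChangeGuard:
    def __init__(self, entry_count):
        self.entry_count = entry_count  # entries currently under PROTECTED_BASE
        self.touched = {}               # lower-cased DN -> time of last accepted change

    def check(self, op, dn, now, attrs=None):
        """Return (allowed, reason); attrs is the full entry for an 'add'."""
        if not under_base(dn):
            return True, "outside protected subtree"
        if op == "modrdn":
            return False, "modrdn not permitted under protected subtree"
        if op == "add":
            attrs = {k.lower(): v for k, v in (attrs or {}).items()}
            classes = {c.lower() for c in attrs.get("objectclass", [])}
            missing = (REQUIRED_CLASSES - classes) | (REQUIRED_ATTRS - set(attrs))
            if missing:
                return False, "missing required: " + ", ".join(sorted(missing))
        # Sliding window: forget entries whose last change is older than 24 hours.
        self.touched = {d: t for d, t in self.touched.items() if now - t < WINDOW}
        key = dn.lower()
        if len(set(self.touched) | {key}) > MAX_FRACTION * self.entry_count:
            return False, "more than 10% of entries changed within 24 hours"
        self.touched[key] = now
        return True, "ok"


if __name__ == "__main__":
    guard = ChangeGuard(entry_count=20)  # constructed: 20 entries, so 2 may change per day
    print(guard.check("modrdn", "uid=a," + PROTECTED_BASE, datetime(2024, 1, 1)))
```

Repeated changes to the same entry count once, so a feed that rewrites one entry many times does not trip the threshold, while a run that touches many distinct entries does.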