Mike Jackson mj@netauth.com schrieb am 15.05.2014 um 20:35 in Nachricht
20140515213556.Horde.wkpVZ5iF1hLX6CSzSDPdMQ3@mail.netauth.com:
Quoting Howard Chu hyc@symas.com:
Mike Jackson wrote:
Quoting Dieter Klünter dieter@dkluenter.de:
The attribute type is openLDAPaci. The model is based on http://tools.ietf.org/html/draft-ietf-ldapext-acl-model-08
Does this FAQ-O-Matic still represent the current situation regarding the semantics and not recommended for general use?
Yes.
OK, thanks for clarification from both you, Howard, and Dieter. I like in-tree ACIs for the reason that they are replicated without too much concern. OTOH, the olcAccess semantics are very powerful compared to the SUN/Netscape semantics.
The key thing I desire, I suppose, is replicated schema and ACI, but not some/most of the other parts of cn=config. I, like the previous poster today, would like to be able to dynamically adjust logging levels on a per-server basis while replicating other matters of policy. I think it just means a bit more work on the syncrepl access control. Small price to pay for such power, and don't require much touching after initial config anyway, IMO.
A spontaneous idea would be to extend the logging level in cn=config, maybe by adding the Server ID to make it specific to a server (connection)
-mike