Antw: Re: Need Schema for aci attribute
>> Mike Jackson <mj(a)netauth.com> schrieb am 15.05.2014 um
20:35 in Nachricht
<20140515213556.Horde.wkpVZ5iF1hLX6CSzSDPdMQ3(a)mail.netauth.com>:
Quoting Howard Chu <hyc(a)symas.com>:
> Mike Jackson wrote:
>>
>> Quoting Dieter Klünter <dieter(a)dkluenter.de>:
>>>
>>> The attribute type is openLDAPaci. The model is based on
>>> http://tools.ietf.org/html/draft-ietf-ldapext-acl-model-08
>>>
>>
>> Does this FAQ-O-Matic still represent the current situation regarding
>> the semantics and not recommended for general use?
>
> Yes.
>>
OK, thanks for clarification from both you, Howard, and Dieter. I like
in-tree ACIs for the reason that they are replicated without too much
concern. OTOH, the olcAccess semantics are very powerful compared to
the SUN/Netscape semantics.
The key thing I desire, I suppose, is replicated schema and ACI, but
not some/most of the other parts of cn=config. I, like the previous
poster today, would like to be able to dynamically adjust logging
levels on a per-server basis while replicating other matters of
policy. I think it just means a bit more work on the syncrepl access
control. Small price to pay for such power, and don't require much
touching after initial config anyway, IMO.
A spontaneous idea would be to extend the logging level in cn=config, maybe by
adding the Server ID to make it specific to a server (connection)
-mike