Is it possible to have fine grained ACLs in OpenLDAP? My problem is that the 'write' access is too broad. I wish to be able to control ADD, modify and delete separately. I tried looking at aacls.sourceforge.net but it involves the setup of a separate server and looks abandoned.
Any pointers would be appreciated- maybe the denyop module? I was trying to find some docs but all I could find was a FAQ entry.
Any pointers would be welcome. Thank you.
"Faraz R. Khan" faraz.khan@emergen.biz writes:
Is it possible to have fine grained ACLs in OpenLDAP? My problem is that the 'write' access is too broad. I wish to be able to control ADD, modify and delete separately. I tried looking at aacls.sourceforge.net but it involves the setup of a separate server and looks abandoned.
Any pointers would be appreciated- maybe the denyop module? I was trying to find some docs but all I could find was a FAQ entry.
man slapd.access(5), search for 'priv access' and 'Operation Requirements'
-Dieter
openldap-technical@openldap.org
-
Dieter Kluenter -
Faraz R. Khan