We are developing a web-based open-source identity management solution
which includes a graphical frontend to manage OpenLDAP ACLs. Previously
we were using cn=config and 'standard' ACLs to manage our tree but we
later moved on to OpenLDAP ACIs for in-tree ACLs.

Gavin Henry suggested that I take this discussion to the list since ACIs
are not being actively maintained and it's advisable to move to the
'normal' OpenLDAP ACLs. My problem with that model is that management
through a graphical interface becomes VERY ugly (parsing and rendering
text ACLs, maintaining priority, managing referential integrity if a DN
is deleted, etc). I have found OpenLDAP ACIs extremely handy to use for

We are willing to provide resources/dev time in the future for the
support of OpenLDAP ACIs since it's crucial to our project. I wanted to
know if support/interest is the ONLY problem or are there fundamental
flaws in the way ACIs work?

Faraz R Khan
Zivios::Open Source Enterprise Management