At 09:56  19/9/00 +0100, you wrote:
>I believe there is not yet a standard for LDAP ACL (RFC2080 of May this
>year is informational) but both OpenLDAP and, I believe, Netscape
>Directory Server, allow multiple per attribute of an object, per actor,
>access level controls. (What, who, how). So, as far as I can see, you
>could allow anyone to attempt to authenticate to the directory (ie bind)
>but not grant authenticated users any rights. Would that solve this
>issue?

yep :P. 

Does it cost anything more though? I have NFI :P

>What I had in mind for my uses, I'd probably allow users to change their
>own passwords and contact details but not their mailquota, and to be
>able to see only selected attributes of other users.

okay - I just had a discussion with the guy who is designing LDAP directory
for a large university and he has had a lot of problems with users altering
stuff they shouldn't. ie Many people seemed to love to change their names
to Superman/Wonderwoman etc and a lot of people changed their
organisational unit so that they existed in a more prestigious group. While
user editing stuff can be good they ended up only allowing two changes
first name and phone number. The rest led to chaos (even of supposed
professionals who administer the uni).

>> >I haven't done any scale tests so I couldn't say how slow or fast this
>> >would be. Open to suggestions, though. But I'm not sure I'd want 3,000
>> >users on one instance, anyway.
>> 
>> well sure you do - if the mail server is acting as a gateway or relay and
>> doesn't store any mail on the machine. Many machines who do present as a
>> store (ie implement POP3/IMAP4r3) actually keep store on other machines and
>> read it across network when a user requests it. This is based on details of
>> how all the unis around here works so YMMV but it doesn't seem rare - not
>> even an uncommon demand.
>
>But if it's acting as a gateway or relay, do you need or would you use
>countUsers? 
>Similarly, if several machines are handling the POP3/IMAP connections
>with a separate store, would you need or use countUsers?
>
>countUsers is only called by RemoteManager, I think, so if you can think
>of a faster method, go for it, but otherwise, I suspect it is fine for
>small installations and would not be used in large ones.

personally I would remove the whole damn method :P. I think we did the same
with repository (that used to have something similar) as that could cause
problems when you store 32000 items in repository etc.

My recommendation would be to remove it or else replace it with an Iterator.
That way you could either control the cost (Iterator) or have 0 cost. YMMV
though.
Cheers,

Pete

*------------------------------------------------------*
| "Nearly all men can stand adversity, but if you want |
| to test a man's character, give him power."          |
|       -Abraham Lincoln                               |
*------------------------------------------------------*

