Re: (ITS#3532) test006-acls: warning: cannot assess the validity of the ACL scope within backend naming context
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#3532) test006-acls: warning: cannot assess the validity of the ACL scope within backend naming context
- From: ando@sys-net.it
- Date: Sat, 5 Feb 2005 14:14:42 GMT
michael@stroeder.com wrote:
>running defines.sh
>Running slapadd to build slapd database...
>./testrun/slapd.1.conf: line 57: warning: cannot assess the validity of the ACL
>scope within backend naming context
>./testrun/slapd.1.conf: line 62: warning: cannot assess the validity of the ACL
>scope within backend naming context
>./testrun/slapd.1.conf: line 74: warning: cannot assess the validity of the ACL
>scope within backend naming context
>./testrun/slapd.1.conf: line 78: warning: cannot assess the validity of the ACL
>scope within backend naming context
>./testrun/slapd.1.conf: line 84: warning: cannot assess the validity of the ACL
>scope within backend naming context
>./testrun/slapd.1.conf: line 96: warning: cannot assess the validity of the ACL
>scope within backend naming context
>Starting slapd on TCP/IP port 9011...
>Testing slapd access control...
>Waiting 5 seconds for slapd to start...
>Using ldapsearch to retrieve all the entries...
>Filtering ldapsearch results...
>Filtering original ldif used to create database...
>Comparing filter output...
>
>
>>>>>>Test succeeded
>>>>>>./scripts/test006-acls completed OK.
>>>>>>
>>>>>>
Works as intended. That's a reminder that ACLs (may) scope outside the
backend they're defined in. For instance,

    access to *
        by * read

can appear anywhere, but it's not quite good inside a backend because it
also scopes outside. A more appropriate statement would be

    access to dn.subtree=<suffix>
        by * read

In some cases (e.g. when using fancy submatches in regex clauses) slapd
can't quite get the actual scope of a rule; different warnings may
appear in that case.
This is only informative, not prescriptive, and it's been in HEAD for at
least one year (but I suspect more) and nobody ever complained about it.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
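
The scoping point made in the reply above, as an added example that is not part of the original message and is not slapd's own check: a simplified lint that walks a slapd.conf and classifies each `access to` rule found inside a database section against that database's suffix. The sample configuration, the verdict names and the helper functions are assumptions made for illustration.

```python
import re

# Constructed sample slapd.conf fragment (not taken from the original post).
SAMPLE_CONF = '''access to dn.base=""
    by * read
database bdb
suffix "dc=example,dc=com"
access to *
    by * read
access to dn.subtree="ou=People,dc=example,dc=com"
    by * read
access to dn.regex="^uid=([^,]+),(.+)$"
    by * read
access to dn.subtree="dc=other,dc=org"
    by * read
'''

def normalize(dn):
    # Simplified DN normalization: lowercase, trim spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def within(dn, suffix):
    dn, suffix = normalize(dn), normalize(suffix)
    return dn == suffix or dn.endswith("," + suffix)

def lint(conf_text):
    """Return (line_no, verdict) for each 'access to' rule inside a database section."""
    findings, suffix, in_db = [], None, False
    for no, line in enumerate(conf_text.splitlines(), 1):
        words = line.split(None, 1)
        if len(words) < 2 or line[0] in " \t#":
            continue  # blank, comment, or continuation ("by ...") line
        key = words[0].lower()
        if key == "database":
            in_db, suffix = True, None
        elif key == "suffix" and in_db:
            suffix = words[1].strip().strip('"')
        elif key == "access" and in_db:
            m = re.match(r'to\s+dn(?:\.(\w+))?=("[^"]*"|\S+)', words[1])
            if m is None:
                verdict = "unscoped"        # e.g. "access to *": matches every DN
            elif m.group(1) is None or m.group(1).lower() == "regex":
                verdict = "cannot-assess"   # scope not derived from the pattern in this sketch
            elif suffix and within(m.group(2).strip('"'), suffix):
                verdict = "ok"
            else:
                verdict = "outside-suffix"
            findings.append((no, verdict))
    return findings
```

Calling `lint(SAMPLE_CONF)` skips the global rule on line 1 and reports the four rules that follow the `database` directive.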