[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3639) Inconsistent access checking in back-shell?

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3639) Inconsistent access checking in back-shell?
From: Kurt@OpenLDAP.org
Date: Fri, 8 Apr 2005 16:50:01 GMT

I think that slap.access(5) should only contain a general statement
that support for full ACL semantics is limited to a subset of the
backends, namely "primary" backends (HDB, BDB, LDBM) and that the
backend documentation should be consulted for discussions on
particular limitations.  Then, in back-shell, discuss this and
other particular limitations (such as no evaluation of "search"
permissions).

At 08:31 AM 4/8/2005, ando@sys-net.it wrote:

>> Here's some discussion of this change in the thread:
>> http://www.openldap.org/lists/openldap-devel/200210/msg00008.html
>
>OK, so now this issue bolis down to: it was intended, as (my guess) a
>cheap replacement to creating the appropriate entry(es) and applying
>consistent checks.  So the issue now moves towards documenting this (apart
>from the mail archives).  I'll add notes to slapd.access(5), with links
>from the slapd-<backend>(5) man pages.
>
>p.
>
>-- 
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it
>
>
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: (ITS#3641) Typo in configure.in inhibits --enable-dnssrv
Next by Date: Re: (ITS#3639) Inconsistent access checking in back-shell?
Index(es):
- Chronological
- Thread