[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#4522) Minor inconsistency between ACL documentation and code
Full_Name: Ralf Haferkamp
Version: HEAD, RE23, RE24
OS:
URL: ftp://ftp.openldap.org/incoming/rhaferkamp-20060505-slapd-access.dif
Submission from: (NULL) (212.95.103.109)
I just noticed two minor inconsistencies between the acl parsing code and the
slapd.access manpage.
The manpage states that the "dn=" part of the <what> is optional. Current code
however doesn't allow the specify ACLs like "access to cn=test ..."
Addionally the BNF at the beginning of the man-page is IMO slightly wrong.
It should be:
access to <what> [ by <who> [ <access> ] [ <control> ] ]+
instead of:
access to <what> [ by <who> <access> [ <control> ] ]+
As it seems to be perfectly ok to have the <access> part missing (e.g. by *
break).
In the assumption that the code is always right :-), I created the uploaded
patch for the man page.
I am also thinking if it might make sense to mention the implicit "by * none"
somewhere prominently in the manpage. Maybe by adding a "Access Control
Evaluation" section to the manpage. Opinions?
It is currently only mentioned in the Adminguide. I had several reports from
users stumbling over this.