[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5572) Append global ACL to new backends

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5572) Append global ACL to new backends
From: hyc@symas.com
Date: Fri, 20 Jun 2008 20:39:08 GMT

Rein Tollevik wrote:
> Howard Chu wrote:
>> rein@OpenLDAP.org wrote:
>>> The global ACLs are not added to newly created backends, i.e a server
>>> restart
>>> must be done before they are included.  The patch at the end should
>>> fix this. OK
>>> to commit Howard?
>> My preference here would be to rip out everything that appends the
>> global ACLs and instead change the access_allowed checker to reference
>> the global ACLs directly when needed.
>
> Agreed, that would also fix the problem that dynamic updates to the
> global ACLs requires a restart to be effective.  I can look into this
> next week.  To be sure I have the semantics correct, it should be to
> evalutate ALCs local to the backend first, then the global, until a
> matching entry has been found?

Right. Thanks for investigating this.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#5565) slapd crashes due to SIGPIPE
Next by Date: Re: (ITS#5568) Multiple Suffix not working in 2.3.39 Release.
Index(es):
- Chronological
- Thread