[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#7066) ACL added to back-config only active after restart
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#7066) ACL added to back-config only active after restart
- From: rhafer@suse.de
- Date: Tue, 18 Oct 2011 12:45:25 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Ralf Haferkamp
Version: RE24, master
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.166.171.158)
The first ACL added to "olcDatabase={0}config,cn=config" does only get active
after slapd is restarted. This is because slapd upon startup creates a hardcoded
deny-everything ACL when no ACL is defined explicitly for the database. ACLs
added after slapd is started will be appended to that hardcoded ACL (but never
evaluated as the hardcoded one already matches everything).
I am working on a fix, reworking the way how the hardcoded default ACL for
olcDatabase={0}config,cn=config is applied.