[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7346) ACL processing: additive privs (using control continue)

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7346) ACL processing: additive privs (using control continue)
From: hyc@symas.com
Date: Sun, 5 Aug 2012 14:11:30 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

daniel@pluta.biz wrote:
> Full_Name: Daniel Pluta
> Version: MASTER
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (84.167.55.212)
> 
> 
> For further explainations please vistit this technical-posting:
> 
> http://www.openldap.org/lists/openldap-technical/201208/msg00025.html
> 
> Testbed containing slapd.conf, data, ldapsearch-queries and 128-logs are given
> below.

As noted in the referenced email thread, this is working as designed.
"continue" controls are only useful when a following clause matches the same
subject and specifies incremental privileges. There are no following clauses
that match the subject in this case, so the implicit "by * none" at the end of
every ACL clause is applied.

Closing this ITS.
-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#7346) ACL processing: additive privs (using control continue)
Next by Date: (ITS#7347) Exclusive bit masks for: ACL_WADD, ACL_WDEL, and ACL_WRITE
Index(es):
- Chronological
- Thread