[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7346) ACL processing: additive privs (using control continue)
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7346) ACL processing: additive privs (using control continue)
- From: hyc@symas.com
- Date: Sun, 5 Aug 2012 14:11:30 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
daniel@pluta.biz wrote:
> Full_Name: Daniel Pluta
> Version: MASTER
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (84.167.55.212)
>
>
> For further explainations please vistit this technical-posting:
>
> http://www.openldap.org/lists/openldap-technical/201208/msg00025.html
>
> Testbed containing slapd.conf, data, ldapsearch-queries and 128-logs are given
> below.
As noted in the referenced email thread, this is working as designed.
"continue" controls are only useful when a following clause matches the same
subject and specifies incremental privileges. There are no following clauses
that match the subject in this case, so the implicit "by * none" at the end of
every ACL clause is applied.
Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/