
[stop | continue | break] in ACLs?



In the openldap 2.0 admin guide, <http://www.openldap.org/doc/admin/>, section 5.3 on ACLs, the comments and examples are not all quite up-to-date with the syntax.

One new feature is the <control> clause:

<access directive> ::= access to <what>
                      [by <who> <access> <control>]+

with:

<control> ::= [stop | continue | break]

Can someone say what that is for? Or where it is documented (apart from the source!)?

I imagine that somehow this new clause changes the way accesses are evaluated as in 5.3.4:

When evaluating whether some requester should be given access to an entry
and/or attribute, slapd compares the entry and/or attribute to the <what>
selectors given in the configuration file. Access directives local to the
current database are examined first, followed by global access
directives. Within this priority, access directives are examined in the
order in which they appear in the config file. Slapd stops with the first
<what> selector that matches the entry and/or attribute. The
corresponding access directive is the one slapd will use to evaluate
access.

Next, slapd compares the entity requesting access to the <who> selectors
within the access directive selected above in the order in which they
appear. It stops with the first <who> selector that matches the
requester. This determines the access the entity requesting access has to
the entry and/or attribute.

Finally, slapd compares the access granted in the selected <access>
clause to the access requested by the client. If it allows greater or
equal access, access is granted. Otherwise, access is denied.

But how does it change it?

---
David Olivier
Klebs gardien Alpages CRI courrier brebis Lyon 2 Lumière
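
The three evaluation steps quoted above from section 5.3.4, modeled as an added example that is not part of the original post or of OpenLDAP's code. It covers only the first-match behaviour the quoted text describes and does not model the <control> clause; the regex selectors, the sample DNs, and denying access when nothing matches are assumptions of this sketch.

```python
import re

# Access levels in increasing order of privilege (OpenLDAP's level names).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Constructed sample policy: (what-regex, [(who-regex, access), ...]).
# Database-local directives are examined first, then global ones.
LOCAL_ACL = [
    (r".*,ou=people,dc=example,dc=com$", [
        (r"^cn=admin,dc=example,dc=com$", "write"),
        (r".*", "read"),
    ]),
]
GLOBAL_ACL = [
    (r".*", [(r".*,dc=example,dc=com$", "search")]),
]


def select_directive(entry_dn, acl):
    """Step 1: the first directive whose <what> matches the entry is used."""
    for what, by_clauses in acl:
        if re.search(what, entry_dn):
            return by_clauses
    return None


def granted_level(entry_dn, requester_dn):
    """Steps 1 and 2: pick the directive, then the first matching <who>."""
    by_clauses = select_directive(entry_dn, LOCAL_ACL + GLOBAL_ACL)
    if by_clauses is None:
        return "none"  # assumption of this sketch: no <what> match, no access
    for who, access in by_clauses:
        if re.search(who, requester_dn):
            return access  # evaluation stops at the first matching <who>
    return "none"  # assumption of this sketch: no <who> match, no access


def is_allowed(entry_dn, requester_dn, requested):
    """Step 3: grant if the matched level is >= the requested level."""
    granted = granted_level(entry_dn, requester_dn)
    return LEVELS.index(granted) >= LEVELS.index(requested)
```

Because evaluation stops at the first matching selector, the admin DN in this constructed policy gets only `search` on entries outside `ou=people`: the global directive is the first whose `<what>` matches there, and its only `<who>` clause grants `search`.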