[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Subordinate ACL question

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: Subordinate ACL question
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Thu, 11 Nov 2004 12:23:08 -0800
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <41929F51.5060609@sys-net.it>
References: <200411090936.iA99abHE054319@au.padl.com> <60915.131.175.154.56.1099996163.squirrel@131.175.154.56> <200411091043.iA9AhD1K057496@au.padl.com> <60969.131.175.154.56.1099998397.squirrel@131.175.154.56> <200411091131.iA9BVLqd059349@au.padl.com> <4190B2DD.5030904@symas.com> <200411091224.iA9COTKX063156@au.padl.com> <1BD3C53D9F76860A985F0A34@[10.0.0.1]> <200411092320.iA9NKn0V096760@au.padl.com> <33388.131.175.154.56.1100075018.squirrel@131.175.154.56> <200411102253.iAAMr2b7054547@au.padl.com> <41929F51.5060609@sys-net.it>

--On Thursday, November 11, 2004 12:08 AM +0100 Pierangelo Masarati <ando@sys-net.it> wrote:

Luke Howard wrote:

is an error; I've never tried anything like that, so I don't know if
slapd happily ignores it or whatever it does in response, but the man
page clearly states that the <control> field {break|continue|stop} is
optional, but the <access> field [self]{<level>|<priv>} is mandatory.
I assume something like "+0" (i.e. permissions are not altered) is
implied, but I need to check the code and see if this should become a
de-facto defalt behavior or it should be explicitly enforced.

So

	by * +0 break

would be more correct?

Looking at aclparse.c it appears that "break" is supported both before
and after <who>.

Then I guess the docs need be updated, or the code modified.

Given that I was originally told to use "by * break" to do what I needed to do back in 2.1, I vote for the docs being updated, because I think the code is behaving correctly. ;)

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: Howard Chu <hyc@symas.com>
- Re: Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: install problem
Next by Date: RE: Problem Alias with bdb database
Index(es):
- Chronological
- Thread