Re: ACL control with break

[Nick Milas <nick@eurobjects.com>]

On 25/5/2012 6:59 ÎÎ, Nick Milas wrote:

> You mean that if we use a <what> statement without an "attrs=" clause, 
> then it affects children and entry pseudo-attributes as well? And what 
> if there is a filter specified too (still without an "attrs=" clause)? 

From some research I did (e.g.: 
http://www.openldap.org/faq/data/cache/1140.html), I don't see cases of 
implicit change (meant as described above) of entry and children 
pseudo-attributes.

In case we would like an ACL statement to include all attributes *plus* 
the pseudo-attributes, then we should explicitly specify, for example:

access to dn.subtree="ou=people,dc=example,dc=com" 
attrs="@extensibleObject,children,entry"
   by dn.exact="uid=admin,ou=people,dc=example,dc=com" write
   ...

If anyone has more details on this, I would appreciate your feecback.

Regards,
Nick