[Date Prev][Date Next]
Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)
> I don't think it is broke, but intended behavior:
> If their are global acls, they apply to all databases
> after any db acls. If the db has no acls, global acls
> are used.
> If the target is not within any database, acls of
> first database (then global acls) apply.
> It's been this way for many years (long before SLAPI).
I'll revert in a moment. My concern was that
when addressing rootDSE or cn=subschema, I had
to run thru the first database rules, which is
counterintuitive; wouldn't it be better to
address this specifical case by short-circuiting