[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)

To: openldap-its@OpenLDAP.org
Subject: Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)
From: ando@sys-net.it
Date: Tue, 20 Apr 2004 13:12:47 GMT

> I don't think it is broke, but intended behavior:
>
> If their are global acls, they apply to all databases
> after any db acls.  If the db has no acls, global acls
> are used.
>
> If the target is not within any database, acls of
> first database (then global acls) apply.
>
> It's been this way for many years (long before SLAPI).

I'll revert in a moment.  My concern was that
when addressing rootDSE or cn=subschema, I had
to run thru the first database rules, which is
counterintuitive; wouldn't it be better to
address this specifical case by short-circuiting
to global_acl?

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

Prev by Date: Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)
Next by Date: Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)
Index(es):
- Chronological
- Thread