[Date Prev][Date Next]
Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)
> I wouldn't have much problem with slapd only applying
> global ACLs to entries outside of contexts IF
> global ACLs were specified. But if no global ACLs were
> specified, then first database ACLs should be applied.
> This give you your shortcut without, I hope, breaking
> deployments which rely on the existing behavior.
Sure. I just committed a(n experimental) test to access
rules at parse time, that tries to guess if access rules
are acting strictly within the naming context of a backend
or are totally invalid or match more than the naming context
and so. It only issues warnings, and is protected behind
#ifdef LDAP_DEVEL; it's not intended for release, but as
"food for thoughts" on how I mean access scoping. Feel free
to wipe it out any time.