[Date Prev][Date Next]
Re: (ITS#3819) Strange slapd.conf diagnostic after authz-regexp
>Hallvard B Furuseth wrote:
>>Aha. That solved a small mystery for me, once I looked at it
>>The root DSE no longer uses ACLs from the first database.
>>it Only uses the global ACLs and the 'database frontend' ACLs,
>>because the supposedly global ACLs end up in frontendDB.
>Yes. This was discussed recently
>but I don't think any course of action was decided.
Note that HEAD differs from any released code since #ifdef LDAP_DEVEL
the ACLs of frontendDB are used instead of those of the first backend.
>>Also, rootdn/rootpw was also applied from the first database, but
>>those are now taken from frontendDB and I can't get rootdn/rootpw
>>from frontendDB to work.
>Well, rootpw makes no sense for the frontendDB. The question about
>rootdn is still open.
I do not quite understand this comment. In principle (never thought
about it so I'm just trying to form a consistent thought) we could have
a "global rootdn", which would be the frontend's rootdn, whose authority
spans the entire system, unless a "rootdn" is defined for a database; in
the latter case, that "local rootdn" would prevail. If we implement
something like this, a "rootpw" for the frontendDB would make as much
sense as it does for each database (with the same pros and cons, I mean).
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497