[Date Prev][Date Next]
Re: (ITS#3819) Strange slapd.conf diagnostic after authz-regexp
Howard Chu writes:
> So it sounds like you're in favor of a single global rootdn.
Sounds nice. As an option, anyway.
> I suppose your "database dsa-info" idea already exists in "database
> config". Certainly its contents are dsa-specific info, and the config
> database is now always the first database. So, even though back-config
> performs no ACL checks of its own, you can always do
> database config
> access to ...
> to setup your non-database ACLs.
Sounds even less intuitive than the old "first database" hack to me,
since the access one wants to back-config and to the root DSE etc is
very different. With "first database" one can at least select which
database to put first. Besides, we might someday want to implement ACL
support in back-config.
Don't anthropomorphize computers. They hate that.