[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3532) test006-acls: warning: cannot assess the validity of the ACL scope within backend naming context

Pierangelo Masarati writes:
> I'd reverse the comment.  If one puts an ACL that scopes outside the
> database, one for some reason may be led to think that the ACL applies
> to data outside the database as well.  For example, people may put
> ACLs scoping the rootDSE into the first database block, because that's
> how things used to work in slapd.

OK, it's good to warn that the semantics of slapd.conf has changed,
but this warning _doesn't_ mention that the semantics has changed.

Sounds to me like these warning should be replaced with a single message
if there are such access directives in the first database, saying

  Warning: OpenLDAP 2.3 no longer applies "access" directives in the
  first database to the root DSE and cn=subschema