[Date Prev][Date Next]
Re: (ITS#3532) test006-acls: warning: cannot assess the validity of the ACL scope within backend naming context
Pierangelo Masarati writes:
> I'd reverse the comment. If one puts an ACL that scopes outside the
> database, one for some reason may be led to think that the ACL applies
> to data outside the database as well. For example, people may put
> ACLs scoping the rootDSE into the first database block, because that's
> how things used to work in slapd.
OK, it's good to warn that the semantics of slapd.conf has changed,
but this warning _doesn't_ mention that the semantics has changed.
Sounds to me like these warning should be replaced with a single message
if there are such access directives in the first database, saying
Warning: OpenLDAP 2.3 no longer applies "access" directives in the
first database to the root DSE and cn=subschema