[Date Prev][Date Next]
Re: ACLs broken by ITS#5419
On Mon, 24 Mar 2008, Howard Chu wrote:
> email@example.com wrote:
>> The change to servers/slapd/backend.c for ITS#5416 seem to have broken the
>> ability for group and set statements in access control lines to refer to
>> outside the backend currently being operated on.
> That ability was never intended in the first place. Historically, backends in
> slapd have been treated as isolated DSAs with no connection to each other.
> They've required special mechanisms (like back-relay or slapo-glue) to be
Yes, I know, the change that allowed this was imo the one that made sets
and groups really useful. Our database configuration still has traces of
the workarounds the lack of this feature once forced us to make..
But, the latest change also removes this ability for databases subordinate
to the same common superior (i.e using the slapo-glue). If I understand
you correct it is a bug that glue'ed databases cannot refer to each other,
although I still consider it a bug (or at least a huge drawback) if this
would no longer be generally possible.