[Date Prev][Date Next]
Re: (ITS#5572) Append global ACL to new backends
Howard Chu wrote:
> rein@OpenLDAP.org wrote:
>> The global ACLs are not added to newly created backends, i.e a server
>> must be done before they are included. The patch at the end should
>> fix this. OK
>> to commit Howard?
> My preference here would be to rip out everything that appends the
> global ACLs and instead change the access_allowed checker to reference
> the global ACLs directly when needed.
Agreed, that would also fix the problem that dynamic updates to the
global ACLs requires a restart to be effective. I can look into this
next week. To be sure I have the semantics correct, it should be to
evalutate ALCs local to the backend first, then the global, until a
matching entry has been found?