[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5572) Append global ACL to new backends

Howard Chu wrote:
> rein@OpenLDAP.org wrote:
>> The global ACLs are not added to newly created backends, i.e a server 
>> restart
>> must be done before they are included.  The patch at the end should 
>> fix this. OK
>> to commit Howard?
> My preference here would be to rip out everything that appends the 
> global ACLs and instead change the access_allowed checker to reference 
> the global ACLs directly when needed.

Agreed, that would also fix the problem that dynamic updates to the 
global ACLs requires a restart to be effective.  I can look into this 
next week.  To be sure I have the semantics correct, it should be to 
evalutate ALCs local to the backend first, then the global, until a 
matching entry has been found?