[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5572) Append global ACL to new backends

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5572) Append global ACL to new backends
From: rein@OpenLDAP.org
Date: Fri, 20 Jun 2008 20:27:48 GMT

Howard Chu wrote:
> rein@OpenLDAP.org wrote:
>> The global ACLs are not added to newly created backends, i.e a server 
>> restart
>> must be done before they are included.  The patch at the end should 
>> fix this. OK
>> to commit Howard?
> 
> My preference here would be to rip out everything that appends the 
> global ACLs and instead change the access_allowed checker to reference 
> the global ACLs directly when needed.

Agreed, that would also fix the problem that dynamic updates to the 
global ACLs requires a restart to be effective.  I can look into this 
next week.  To be sure I have the semantics correct, it should be to 
evalutate ALCs local to the backend first, then the global, until a 
matching entry has been found?

Rein

Prev by Date: Re: (ITS#5568) Multiple Suffix not working in 2.3.39 Release.
Next by Date: Re: (ITS#5565) slapd crashes due to SIGPIPE
Index(es):
- Chronological
- Thread