[Date Prev][Date Next]
Re: (ITS#5572) Append global ACL to new backends
Rein Tollevik wrote:
> Howard Chu wrote:
>> rein@OpenLDAP.org wrote:
>>> The global ACLs are not added to newly created backends, i.e a server
>>> must be done before they are included. The patch at the end should
>>> fix this. OK
>>> to commit Howard?
>> My preference here would be to rip out everything that appends the
>> global ACLs and instead change the access_allowed checker to reference
>> the global ACLs directly when needed.
> Agreed, that would also fix the problem that dynamic updates to the
> global ACLs requires a restart to be effective. I can look into this
> next week. To be sure I have the semantics correct, it should be to
> evalutate ALCs local to the backend first, then the global, until a
> matching entry has been found?
Right. Thanks for investigating this.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/