[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5572) Append global ACL to new backends

Rein Tollevik wrote:
> Howard Chu wrote:
>> rein@OpenLDAP.org wrote:
>>> The global ACLs are not added to newly created backends, i.e a server
>>> restart
>>> must be done before they are included.  The patch at the end should
>>> fix this. OK
>>> to commit Howard?
>> My preference here would be to rip out everything that appends the
>> global ACLs and instead change the access_allowed checker to reference
>> the global ACLs directly when needed.
> Agreed, that would also fix the problem that dynamic updates to the
> global ACLs requires a restart to be effective.  I can look into this
> next week.  To be sure I have the semantics correct, it should be to
> evalutate ALCs local to the backend first, then the global, until a
> matching entry has been found?

Right. Thanks for investigating this.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/