[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5852) ACL behaviour does not match Admin Guide

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5852) ACL behaviour does not match Admin Guide
From: quanah@zimbra.com
Date: Mon, 8 Dec 2008 21:01:44 GMT

--On Monday, December 08, 2008 7:33 PM +0000 
andrew.findlay@skills-1st.co.uk wrote:

> Full_Name: Andrew Findlay
> Version: HEAD 2008-12-05
> OS: SuSE 10.2
> URL:
> Submission from: (NULL) (88.97.25.132)
>
>
> Section 7.2.5 Access Control Examples says:
> ...
> Also note that if no access to directive matches or no by <who> clause,
> access is denied. That is, every access to directive ends with an
> implicit by * none clause and every access list ends with an implicit
> access to * by * none directive.
>
> The statement about access *lists* ending with a deny directive is wrong
> (or at least misleading).

I think it is quite clear:

       The structure of the access control directives is
...
     Lists of access directives are evaluated in the order  they  appear  in
       slapd.conf.

	Each <who> clause list is implicitly terminated by a

	    by * none stop


So, there are acl directives where each directive is an element of a list. 
Every element of a list of acl directives is terminated by * none stop.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: (ITS#5852) ACL behaviour does not match Admin Guide
Next by Date: Re: (ITS#5840) bdb_online_index and shutdown
Index(es):
- Chronological
- Thread