[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7066) ACL added to back-config only active after restart

To: openldap-its@OpenLDAP.org
Subject: (ITS#7066) ACL added to back-config only active after restart
From: rhafer@suse.de
Date: Tue, 18 Oct 2011 12:45:25 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Ralf Haferkamp
Version: RE24, master
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (89.166.171.158)


The first ACL added to "olcDatabase={0}config,cn=config" does only get active
after slapd is restarted. This is because slapd upon startup creates a hardcoded
deny-everything ACL when no ACL is defined explicitly for the database. ACLs
added after slapd is started will be appended to that hardcoded ACL (but never
evaluated as the hardcoded one already matches everything).

I am working on a fix, reworking the way how the hardcoded default ACL for
olcDatabase={0}config,cn=config is applied.

Prev by Date: (ITS#7065) changeType: modify "replace/delete" trick causes segmentation fault in cn=config
Next by Date: Re: (ITS#6987) cn=config renumbers indexes on startup without modrdn-ing them
Index(es):
- Chronological
- Thread