Re: [Fwd: Re: running out of file descriptors]

Howard Chu wrote:

re: ACL regex behavior - was this change a mistake? Seems to be rather annoying.

Date:     Tue, 23 Nov 2004 13:05:18 +1100 (EST)
From:     Dave Horsfall <daveh@ci.com.au>
To:     OpenLDAP software list <openldap-software@OpenLDAP.org>
Subject:     Re: running out of file descriptors

An upgrade and defining "idletimeout" in slapd.conf will fix this problem.
Note that a 2.0 to 2.2 upgrade is not trivial.

But it can be done with a bit of preparation.

The other main thing is that ACLs have changed; pattern matches need to
change to 'access to dn.regex="^uid=.*,dc=.*,dc=cordoors,dc=com$"' etc.

It was intended, and there was a brief discussion. To make it short, making "regex" the default was seen as not good because it is (a) dangerous when people write regexes without all the due care and (b) error-prone because it leads to excessive use where not strictly required. I was in favour of disallowing a default at all, __REQUIRING__ a style specificator to be used at all times, to further avoid confusion. I still think that would be the best, because it would break existing configurations once and for all and require most system administrators to think about whether they really require those ACLs to be written that way.
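The regex concerns raised in this thread, as an added example that is not part of the original messages or of OpenLDAP itself: a small audit over `access to dn...` lines that flags a missing style, unanchored `dn.regex` patterns, and `.*` spanning RDN boundaries. The sample ACL lines and DNs are constructed (only the second pattern comes from the thread), the helper names are hypothetical, and Python's `re` stands in for slapd's POSIX regex matching as an assumption.

```python
import re

# Constructed slapd.conf ACL lines; only the pattern in the second is from the thread.
SAMPLE_ACLS = [
    'access to dn="uid=.*,dc=cordoors,dc=com" by self write',
    'access to dn.regex="^uid=.*,dc=.*,dc=cordoors,dc=com$" by self write',
    'access to dn.regex="uid=[^,]+,dc=cordoors,dc=com" by self write',
    'access to dn.children="ou=people,dc=cordoors,dc=com" by self write',
]

# Captures the optional style suffix (regex, children, subtree, ...) and the pattern.
ACL_RE = re.compile(r'access\s+to\s+dn(?:\.(\w+))?="([^"]*)"')


def audit_acl(line):
    """Return a list of findings for one 'access to dn...' line (hypothetical helper)."""
    m = ACL_RE.search(line)
    if not m:
        return []
    style, pattern = m.group(1), m.group(2)
    findings = []
    if style is None:
        # Meaning depends on the server's default style, which changed across versions.
        findings.append("no-style")
    if style == "regex":
        if not (pattern.startswith("^") and pattern.endswith("$")):
            # Without anchors the pattern may match anywhere inside a longer DN.
            findings.append("unanchored")
        if ".*" in pattern:
            # '.' also matches ',', so '.*' can swallow several RDNs.
            findings.append("dot-star-crosses-rdn")
    return findings


def matches(pattern, dn):
    """Unanchored search, approximating regex matching against a DN (assumption)."""
    return re.search(pattern, dn) is not None


if __name__ == "__main__":
    for acl in SAMPLE_ACLS:
        print(audit_acl(acl), acl)
    # Constructed DNs showing what each flagged pattern accepts.
    print(matches("^uid=.*,dc=.*,dc=cordoors,dc=com$",
                  "uid=a,ou=x,dc=y,dc=cordoors,dc=com"))
    print(matches("uid=[^,]+,dc=cordoors,dc=com",
                  "cn=x,uid=a,dc=cordoors,dc=com,dc=example"))
```

Where an ACL only needs "everything under this entry", a non-regex style such as `dn.children` or `dn.subtree` avoids both findings.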


