Hallvard B Furuseth wrote:
I think iterating on all existing values when doing a full delete or a replace would fix this. Currently, write access to full deletion is checked without passing the value.What if there is no attribute to delete?
What you say is consistent with current behaviour, but current behaviour does not look right to me:
access to attrs=foo val=bar by * read access to * by self write by * read
does not prevent replace:foo if the entry contains foo:bar.
It's documented, though. But if it is the intended behaviour, I think slapd startup should at least try to warn about it. I'll file an ITS when I know what the error is:-)
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497