[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL evaluation on ADD operations (ITS#4556)

On Mon, Nov 10, 2008 at 12:01:16PM -0800, Quanah Gibson-Mount wrote:

> Currently, ACL evaluation doesn't behave the way people always expect on 
> ADD operations (see ITS#4556).  This has been fixed in HEAD, but not 
> currently applied to RE24.  I'm currently working on 2.4.13, and wanted to 
> gather general feedback on whether or not it is thought this change should 
> be included.  It is a distinct change in behavior, and will break expected 
> behavior for some folks.

It is not clear from the ITS page exactly what the fix eventually was.
The discussion turned to ditStructureRules at followup 6, and by
followup 8 it appears that the issue is considered 'fixed'.

I assume that the fix was to enforce ACLs on the attributes of an
entry before adding it, as originally requested in the ITS. This will
need a note in the Admin Guide, but it seems like a Good Thing To Do.
I would consider the old (non-enforcing on add) behaviour to be wrong
so I would not be worried by the ACLs being enforced in a future version.

|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |