[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ACL and regex

ons, 10.03.2004 kl. 21.07 skrev Pierangelo Masarati:

> > In fact, the 2.2.x implementation is far more logical and thus easy to
> > implement. But nowhere is this documented.
> ... except in the most logical place: slapd.access(5), which, since
> its creation, is maintained as much as possible aligned with the code.

I should have mentioned slapd.access, sorry. That's where I go to
*confirm* what I've already found out for myself, not how to do things.
For example, a certain doctor of mathematics at a certain Romanian
Institute pointed out to me (in another connection) that granting
across-the-board ACL write access to the saslAuthzTo attribute ("what on
earth is that?") constituted a large security risk. He was right. It's
described in slapd.access. I hadn't seen it, and it isn't certain
reading the Admin Guide what saslAuthzTo actually does (yes, it mentions
saslAuthzTo, but not with any example).

> > You have to find out that
> > your old ACLs simply don't work any longer and work out for yourself
> > why. If you're lucky, you were half way there in 2.1.x already, so you
> > can guess the rest and try. If you go solely by the Admin guide, you're
> > sold.
> The admin guide has always been one step behind the code, because
> it takes a larger effort to update it.  trust the man pages, they're
> actively maintained.

I *trust* the man pages :)



mail: billy - at - billy.demon.nl