[Date Prev][Date Next]
Re: ACL access clause parsing
Today at 5:12pm, Pierangelo Masarati wrote:
> the <by> clauses are processed in order; at the first match
> the check stops. I believe this is the intended behavior
> ever since UMich's ldap-3.3. If you're simultaneously "self"
> and member of the "cn=Readers,..." group, in the first example
> the "by self" clause is not reached because the "by group"
> clause matches first, so you don't get write permission.
> In the second example, the "by self" clause matches first so
> you get write permission.
Ok, so 2.0 was broken then and I failed to properly test my ACL's when I
moved from 2.0 to 2.1...
I shall fix my mistake.