[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL access clause parsing

Today at 5:12pm, Pierangelo Masarati wrote:

> the <by> clauses are processed in order; at the first match
> the check stops.  I believe this is the intended behavior
> ever since UMich's ldap-3.3.  If you're simultaneously "self"
> and member of the "cn=Readers,..." group, in the first example
> the "by self" clause is not reached because the "by group"
> clause matches first, so you don't get write permission.
> In the second example, the "by self" clause matches first so
> you get write permission.

Ok, so 2.0 was broken then and I failed to properly test my ACL's when I
moved from 2.0 to 2.1...

I shall fix my mistake.