[Date Prev][Date Next]
Re: Ang. RE: Bdb defaults - WAS: problem importing entries.
-----BEGIN PGP SIGNED MESSAGE-----
Pierangelo Masarati wrote:
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Pierangelo Masarati wrote:
|>| You see, I madew my own set of mistakes; this
|>|>access to dn.regex="^(.+,)?ou=.+,(dc=.+,?)+$"
|>| should have actually been
|>| access to dn.regex="^(.+,)?ou=.+,(dc=[^,]+)+$"
|>| in any case far from
|>|>>>access to dn="(.+,)?,ou=.+,(dc=.+,?)+$$"
|>So, does this show that examples should not be given? It would seem not
| :) this, imho, means that I should have looked at my counterexample a bit
| more before hitting "send", and that the cases I first used to test my
| counterexample with slapacl were enough to criticize your example but not
| to criticize mine, and that while it's easy to spot some bugs it's
| difficult to spot all of them at a glance. The "works for me" rule is
| likely to be wrong more often than the "I read and understood the
| docs[/code], so I'm positive it's right unless proven wrong" rule.
So, we assume that (since the docs aren't currently sufficient to cover
some of these minor distinctions with useable ACLs) everyone using
OpenLDAP must be able to read and understand all the ACL code before
setting up an OpenLDAP server?
If this is the case, now we can see why:
- -relatively few people successfully deploy OpenLDAP
- -many of those that do have flawed installations
- -samba people will be implementing an LDAP-like db (since they consider
setting openldap up as too difficult for typical samba admins) instead
of just using openldap directly
(of course, having slapacl should hopefully improve matters)
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----