
Re: Ang. RE: Bdb defaults - WAS: problem importing entries.



> So, we assume that (since the docs aren't currently sufficient to cover
> some of these minor distinctions with useable ACLs) everyone using
> OpenLDAP must be able to read and understand all the ACL code before
> setting up an OpenLDAP server?
>
> If this is the case, now we can see why:
> - relatively few people successfully deploy OpenLDAP
> - many of those that do have flawed installations
> - samba people will be implementing an LDAP-like db (since they consider
> setting openldap up as too difficult for typical samba admins) instead
> of just using openldap directly
>
> (of course, having slapacl should hopefully improve matters)


no; all that is required (maybe some details are still missing:
sets, some permissions on some attributes for very special
operations) is in slapd.access(5), at least that of the latest 2.2;
I wrote code because (it's obvious) that's the definite source
of information.  It's not simply a silly comment: I'm the one who
wrote slapd.access(5), because I was sick of having to find out how
ACLs worked, and I had to spend some time looking at the code
and running tests to write it.  I know it's not easy to read and
to use, but at least it's (almost) complete.  I don't expect every
user to read the code, but if you really need something, that's
the way to go, and if more people did it, and documented the findings,
open-source software would be much easier to use.  Then I wrote
slapacl, because I was sick of running slapd to see if my ACLs were
right.  It should be dependable, because it uses 99% of the code that
slapd uses, and reads exactly the same configuration that will be read
by slapd, and so on.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497