[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Permissions error



Quanah Gibson-Mount wrote:
"Slapd stops with the first <what> selector that matches the entry and/or
attribute. The corresponding access directive is the one slapd will use
to evaluate access."

Why would it stop? He has "by * break" which means that slapd will continue to evaluate the next set of ACL's. I use "by * break" extensively.

I'm somewhat confused on this point because I keep concise acls and haven't used controls much, but the syntax description from man slapd.access:


access to <what> [ by <who> <access> [ <control> ] ]+

indicated to me that the control (e.g. break) apply to the specific by clause and not to the whole rule. Reading in more detail, I now see this syntax is necessary to support continue.

On the other hand, per Kurt's comment, I'm also under the impression that processing stops at the first by clause that matches.

Jon Roberts
www.mentata.com