[Date Prev][Date Next]
Re: Permissions error
Quanah Gibson-Mount wrote:
"Slapd stops with the first <what> selector that matches the entry and/or
attribute. The corresponding access directive is the one slapd will use
to evaluate access."
Why would it stop? He has "by * break" which means that slapd will
continue to evaluate the next set of ACL's. I use "by * break"
I'm somewhat confused on this point because I keep concise acls and
haven't used controls much, but the syntax description from man
access to <what> [ by <who> <access> [ <control> ] ]+
indicated to me that the control (e.g. break) apply to the specific by
clause and not to the whole rule. Reading in more detail, I now see this
syntax is necessary to support continue.
On the other hand, per Kurt's comment, I'm also under the impression
that processing stops at the first by clause that matches.