[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Different versions play well?

[please, keep replies on the list]

> As a note with replication between 2.2 and 2.3, if you use ACI's then
2.3.8 or so and above will barf because the syntax changed between the
two versions.  Since I am in the middle of migrating to 2.3 from 2.2 I
had to compile 2.3.11 with a hack to ignore the syntax on the replicas
since we really only use write ACI's until we finish
> upgrading the master server.
> But I agree 2.1.x is ancient.  Although still shipped with lots of

ACI syntax recently saw some development in the sense that it was
formalized into a real syntax (which, sigh, I admit it has never been
ultimately documented), so that it's validated (and normalized) as soon as
it gets written, while in earlier versions errors would have gone
unnoticed and, which is worse, incorrect rules would have been discarded
while checking access, leading to potential security issues (you write a
rule and you don't even get warned that that rule is being plainly

I don't think that real syntax changes occurred (I mean: there might have
been additions, but previously supported stuff should still work, if
valid); if you noticed any, they were likely unintended, or they were
required for consistency.  You should point them out (if you can prepare a
clear, detailed and exaustive report you can use the ITS, otherwise this
mailing list should be appropriate).  Differences could then be noted in
the FAQ (as ACIs have always been experimental) possibly with a note
somewhere else that indicates some generic changes between versions, to
warn users.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it