[Date Prev][Date Next]
Re: ACL access control flux; CONTINUE
At 11:47 AM 7/3/2006, Forrest Gump wrote:
> I have a little doubt about how the ACL works with the flux control CONTINUE.
> I mean... the BREAK junps to the next matched clausule, and CONTINUE?
> to the next matched BY?? or just to the next??
> An example:
> access to dn.subtree="dc=br"
> by dn.subtree="ou=house,dc=br" read continue
> by dn.base="uid=houseAdmin,ou=house,dc=br" write
> Let me explain what happens here: every object below "ou=house,dc=br" get mached when the first BY directive is checked and is granted the READ right, but because the flux control CONTINUE, will every object be allowed to WRITE on "dc=br" subtree?? or only "uid=houseAdmin,ou=house,dc=br"??
The access statement above is equivalent to:
access to dn.subtree="dc=br"
by dn.base="uid=houseAdmin,ou=house,dc=br" write
That is, the subsequent statements assign either "write" or
It is pointless to use "continue" when the remaining clauses
assign rights (as opposed to increment rights). See
http://www.openldap.org/faq/index.cgi?file=454 for a example
> thx for helping!
> Abra sua conta no Yahoo! Mail - 1GB de espaço, alertas de e-mail no celular e anti-spam realmente eficaz.