[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Global ACLs - Impacts access control and SLAPI (ITS#3100)

> I wouldn't have much problem with slapd only applying
> global ACLs to entries outside of contexts IF
> global ACLs were specified.  But if no global ACLs were
> specified, then first database ACLs should be applied.
> This give you your shortcut without, I hope, breaking
> deployments which rely on the existing behavior.

Sure.  I just committed a(n experimental) test to access
rules at parse time, that tries to guess if access rules
are acting strictly within the naming context of a backend
or are totally invalid or match more than the naming context
and so.  It only issues warnings, and is protected behind
#ifdef LDAP_DEVEL; it's not intended for release, but as
"food for thoughts" on how I mean access scoping.  Feel free
to wipe it out any time.


Pierangelo Masarati