(ITS#4759) aci comptibilty to V2.1; multiple attrs

Full_Name: Gerald Richter
Version: 2.3.30
OS: Linux
URL: ftp://ftp.openldap.org/incoming/Gerald-Richter-061123.patch
Submission from: (NULL) (


I found that due to the rewrite of ACI code, the possiblity to specify more than
one attribute in one ACI entry has gone lost. We discussed this already at the
beginning of the year on the mailing list.

I have made a patch, that is in heavy production use on several systems for some
time now, that again (as in OpenLDAP 2.1) allows to have multiple attributes in
one ACI. 

This is not only a compatibility issue, but also improves the performance of ACI
handling, if you need to specifiy a lot of attributes.

The patch also adds some more debugging output, that allows to easyer understand
what's going on, when you have set some ACI and it does not have the desired


This patch file is derived from OpenLDAP Software. All of the modifications to
OpenLDAP Software represented in the following patch(es) were developed by
Gerald Richter <richter@ecos.de>. These modifications are not subject to any
license of ecos GmbH.

Redistribution and use in source and binary forms, with or without modification,
are permitted only as authorized by the OpenLDAP Public License.