[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7346) ACL processing: additive privs (using control continue)

daniel@pluta.biz wrote:
> Full_Name: Daniel Pluta
> Version: MASTER
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> For further explainations please vistit this technical-posting:
> http://www.openldap.org/lists/openldap-technical/201208/msg00025.html
> Testbed containing slapd.conf, data, ldapsearch-queries and 128-logs are given
> below.

As noted in the referenced email thread, this is working as designed.
"continue" controls are only useful when a following clause matches the same
subject and specifies incremental privileges. There are no following clauses
that match the subject in this case, so the implicit "by * none" at the end of
every ACL clause is applied.

Closing this ITS.
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/