Re: slapo-dynlist desgin question(s)

[Pierangelo Masarati <ando@sys-net.it>]

Howard Chu wrote:
> Pierangelo Masarati wrote:
> > Quanah Gibson-Mount wrote:
> > > > My intention is to be able to do something like:
> > > >
> > > > access to dn.exact="cn=groupa,cn=groups,dc=stanford,dc=edu"
> > >
> > > This should read:
> > >
> > > access to dn.exact="cn=groupa,cn=groups,dc=stanford,dc=edu" 
> > > attrs=member
> > Try this patch (to HEAD as of now).
>
> We already use is_auth_check in ACL checking, what is this 
> is_acl_check flag for?
auth_check means that's an authorization check, which causes ACL_READ to 
be turned into ACL_AUTH; acl_check means that the acl checking is part 
of a search that's internal to ACL checking itself, not only for auth 
purposes, and thus deserves to be performed with rootdn identity.  It's 
different.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------