[Date Prev][Date Next] [Chronological] [Thread] [Top]

dn.regex in ACLs, and in the admin guide

To: openldap-software@OpenLDAP.org
Subject: dn.regex in ACLs, and in the admin guide
From: Sean Champ <gimbal@sdf.lonestar.org>
Date: Fri, 31 Oct 2003 15:47:14 -0800
Content-disposition: inline
User-agent: Mutt/1.5.4i

Hello,

I have some questions about slapd access-control directives.


In http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control
there's the a BNF grammar, containing this set of expressions:

	<what> ::= * |
                [dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
                [filter=<ldapfilter>] [attrs=<attrlist>]

	<basic-style> ::= regex | exact

        <scope-style> ::= base | one | subtree | children


However, in the slapd.access(5) manual page, there's the following
statement:

	 "base or exact (an alias of base)" 

...within the paragraph that starts as so:

       For all other qualifiers, the pattern is a string
       representation of the entry's DN.  base or exact (an alias of
       base) indicates the entry whose DN is equal to the pattern.



If "exact" is an alias of "base", and "base" is a member of
<scope-style>, then :

  1)  dn.exact=<DN>

      rather than dn.exact=<regex> which is how the grammar, above,
      says it would be.

  2) "exact" does not belong  in the definition of <basic-style>,
      within the BNF grammar.



...assuming that slapd.access(5) is the authoriative work, on it.


Sounds right?

--
sean champ

Prev by Date: R: monitoring slapd
Next by Date: Re: R: monitoring slapd
Index(es):
- Chronological
- Thread