[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
dn.regex in ACLs, and in the admin guide
Hello,
I have some questions about slapd access-control directives.
In http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control
there's the a BNF grammar, containing this set of expressions:
<what> ::= * |
[dn[.<basic-style>]=<regex> | dn.<scope-style>=<DN>]
[filter=<ldapfilter>] [attrs=<attrlist>]
<basic-style> ::= regex | exact
<scope-style> ::= base | one | subtree | children
However, in the slapd.access(5) manual page, there's the following
statement:
"base or exact (an alias of base)"
...within the paragraph that starts as so:
For all other qualifiers, the pattern is a string
representation of the entry's DN. base or exact (an alias of
base) indicates the entry whose DN is equal to the pattern.
If "exact" is an alias of "base", and "base" is a member of
<scope-style>, then :
1) dn.exact=<DN>
rather than dn.exact=<regex> which is how the grammar, above,
says it would be.
2) "exact" does not belong in the definition of <basic-style>,
within the BNF grammar.
...assuming that slapd.access(5) is the authoriative work, on it.
Sounds right?
--
sean champ