[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL access clause parsing

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: ACL access clause parsing
From: Frank Swasey <Frank.Swasey@uvm.edu>
Date: Thu, 15 Apr 2004 11:19:04 -0400 (EDT)
Cc: OpenLDAP-Software@OpenLDAP.org
In-reply-to: <59528.131.175.154.56.1082041965.squirrel@webmail.sys-net.it>
References: <Pine.LNX.4.58.0404151037530.28871@ebova.hiz.rqh> <59528.131.175.154.56.1082041965.squirrel@webmail.sys-net.it>

Today at 5:12pm, Pierangelo Masarati wrote:

> the <by> clauses are processed in order; at the first match
> the check stops.  I believe this is the intended behavior
> ever since UMich's ldap-3.3.  If you're simultaneously "self"
> and member of the "cn=Readers,..." group, in the first example
> the "by self" clause is not reached because the "by group"
> clause matches first, so you don't get write permission.
> In the second example, the "by self" clause matches first so
> you get write permission.

Ok, so 2.0 was broken then and I failed to properly test my ACL's when I
moved from 2.0 to 2.1...

I shall fix my mistake.

F

References:
- ACL access clause parsing
  - From: Frank Swasey <Frank.Swasey@uvm.edu>
- Re: ACL access clause parsing
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: ACL access clause parsing
Next by Date: RE: How to set new paged result limit [WAS] RE: Paged results flakey - and hdb vs bdb
Index(es):
- Chronological
- Thread