[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Incorrect snippet in delta-syncrepl example in admin guide?
- To: Gavin Henry <ghenry@OpenLDAP.org>
- Subject: Re: Incorrect snippet in delta-syncrepl example in admin guide?
- From: Pierangelo Masarati <ando@sys-net.it>
- Date: Mon, 06 Oct 2008 17:17:31 +0200
- Cc: Brad T Waldorf <bwaldorf@us.ibm.com>, openldap-technical@OpenLDAP.org
- In-reply-to: <10359944.971223298813140.JavaMail.root@mail>
- References: <10359944.971223298813140.JavaMail.root@mail>
- User-agent: Thunderbird 2.0.0.16 (X11/20080724)
Gavin Henry wrote:
----- "Pierangelo Masarati" <ando@sys-net.it> wrote:
Brad T Waldorf wrote:
I would
definitely recommend replacing "may need to" with "must" in the
following
statement, as you suggested. "This ACL may need to be merged with
other
ACL statements."
Probably, that whole example should be removed, as it belongs to
access
control rather than to replication.
It's hard to present complete examples that way. I've other external feedback in various forums
whereby users complain that N-Way is hard to understand, but they merely need to read the whole guide.
I0'm not speaking in general, but specifically related to that case.
access to * by <canreadall> read by * break
is:
1) generic, not necessarily specific to replication
2) incomplete, since it needs to integrate with other access rules
3) should be per-database, rather than global, IMHO.
So like it's now it creates more trouble than it helps solving.
I'm tempted to move complete working examples to the follow existing empty section:
http://www.openldap.org/doc/admin24/appendix-deployments.html
Sounds good.
This would however promoted copy-and-paste configurations.
That's inevitable, I fear, no matter what.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando@sys-net.it
-----------------------------------