Hello,
Can I make a request that certain features of the access control
documentation are emphasized? I've wasted quite a lot of time on
this and some simple rules (which already exist in the
documentation) would have been really helpful. These are:
8. Access Control
8.2. Access Control via Static Configuration
8.2.5. Access Control Examples
To all attributes except homePhone, an entry can write to
itself, entries under example.com entries can search by
them, anybody else has no access (implicit by * none)
excepting for authentication/authorization (which is
always done anonymously).
The fact that authentication is always done
anonymously, even if anonymous binds are disabled in the
configuration, is very important.
8.2.4. Access Control Evaluation
Slapd stops with the first <what> selector that
matches the entry and/or attribute.
This is also very important, as it explains exactly
how the access rules are processed.
The order of evaluation of access directives
makes their placement in the configuration file important.
I don't think this is emphasized enough, as it is
critical to how the access rules are processed.
Also, some mention of the ACL log level would
be useful!
Thanks.
Tom