--On Monday, December 08, 2008 7:33 PM +0000 andrew.findlay@skills-1st.co.uk wrote:
Full_Name: Andrew Findlay Version: HEAD 2008-12-05 OS: SuSE 10.2 URL: Submission from: (NULL) (88.97.25.132)
Section 7.2.5 Access Control Examples says: ... Also note that if no access to directive matches or no by <who> clause, access is denied. That is, every access to directive ends with an implicit by * none clause and every access list ends with an implicit access to * by * none directive.
The statement about access *lists* ending with a deny directive is wrong (or at least misleading).
I think it is quite clear:
The structure of the access control directives is ... Lists of access directives are evaluated in the order they appear in slapd.conf.
Each <who> clause list is implicitly terminated by a
by * none stop
So, there are acl directives where each directive is an element of a list. Every element of a list of acl directives is terminated by * none stop.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration