https://bugs.openldap.org/show_bug.cgi?id=9238
Bug ID: 9238 Summary: access control documentation is confusing Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: documentation Assignee: bugs@openldap.org Reporter: kop@karlpinc.com Target Milestone: ---
Created attachment 716 --> https://bugs.openldap.org/attachment.cgi?id=716&action=edit git format-patch output
slapd.access says "Access control checking stops at the first match of the <what> and <who> clause, unless otherwise dictated by the <control> clause." But this, by itself, is wrong. You have to read the next sentence, which says there's an implicit "by * none stop", meaning that the default is to stop when only <what> matches.
Patch attached.
I, Karl O. Pinc, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
https://bugs.openldap.org/show_bug.cgi?id=9238
Karl O. Pinc kop@karlpinc.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #716 is|0 |1 obsolete| |
--- Comment #1 from Karl O. Pinc kop@karlpinc.com --- Created attachment 717 --> https://bugs.openldap.org/attachment.cgi?id=717&action=edit git format-patch (browser uploaded the wrong file the first time)
https://bugs.openldap.org/show_bug.cgi?id=9238
Karl O. Pinc kop@karlpinc.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #717 is|0 |1 obsolete| |
--- Comment #2 from Karl O. Pinc kop@karlpinc.com --- Created attachment 718 --> https://bugs.openldap.org/attachment.cgi?id=718&action=edit git format-patch patch (I uploaded the wrong file the 2nd time)
https://bugs.openldap.org/show_bug.cgi?id=9238
Karl O. Pinc kop@karlpinc.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |kop@karlpinc.com
--- Comment #3 from Karl O. Pinc kop@karlpinc.com --- I uploaded the wrong patch, twice, so please make sure you use the latest attachment.
https://bugs.openldap.org/show_bug.cgi?id=9238
--- Comment #4 from Karl O. Pinc kop@karlpinc.com --- Created attachment 719 --> https://bugs.openldap.org/attachment.cgi?id=719&action=edit replacement git format-patch patch
New patch revision.
https://bugs.openldap.org/show_bug.cgi?id=9238
--- Comment #5 from Karl O. Pinc kop@karlpinc.com --- Comment on attachment 718 --> https://bugs.openldap.org/attachment.cgi?id=718 git format-patch patch (I uploaded the wrong file the 2nd time)
This attachment is obsolete
https://bugs.openldap.org/show_bug.cgi?id=9238
Karl O. Pinc kop@karlpinc.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #718 is|0 |1 obsolete| | Attachment #719 is|0 |1 obsolete| |
--- Comment #6 from Karl O. Pinc kop@karlpinc.com --- Created attachment 723 --> https://bugs.openldap.org/attachment.cgi?id=723&action=edit A revised patch
Sentences should end lines in roff.
https://bugs.openldap.org/show_bug.cgi?id=9238
Karl O. Pinc kop@karlpinc.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #723 is|0 |1 obsolete| |
--- Comment #7 from Karl O. Pinc kop@karlpinc.com --- Created attachment 725 --> https://bugs.openldap.org/attachment.cgi?id=725&action=edit Really does put newlines at end of sentences
upload conniptions
https://bugs.openldap.org/show_bug.cgi?id=9238
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.0 Keywords| |OL_2_5_REQ
https://bugs.openldap.org/show_bug.cgi?id=9238
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.0 |2.5.1
https://bugs.openldap.org/show_bug.cgi?id=9238
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.1 |2.5.3
https://bugs.openldap.org/show_bug.cgi?id=9238
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@openldap.org |ondra@mistotebe.net
https://bugs.openldap.org/show_bug.cgi?id=9238
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED
--- Comment #8 from Ondřej Kuzník ondra@mistotebe.net --- applied in master
https://bugs.openldap.org/show_bug.cgi?id=9238
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.2 Keywords|OL_2_5_REQ |
https://bugs.openldap.org/show_bug.cgi?id=9238
--- Comment #9 from Quanah Gibson-Mount quanah@openldap.org --- • 7077dc31 by Karl O. Pinc at 2021-02-17T15:02:33+00:00 Better explanation of when access control processing stops
https://bugs.openldap.org/show_bug.cgi?id=9238
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |FIXED
https://bugs.openldap.org/show_bug.cgi?id=9238
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
-
openldap-its@openldap.org