Rein Tollevik wrote:
Howard Chu wrote:
rein@OpenLDAP.org wrote:
The global ACLs are not added to newly created backends, i.e. a server restart must be done before they are included. The patch at the end should fix this. OK to commit, Howard?
My preference here would be to rip out everything that appends the global ACLs and instead change the access_allowed checker to reference the global ACLs directly when needed.
Agreed, that would also fix the problem that dynamic updates to the global ACLs require a restart to be effective. I can look into this next week. To be sure I have the semantics correct, it should be to evaluate ACLs local to the backend first, then the global, until a matching entry has been found?
Right. Thanks for investigating this.
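
A simplified model of the two approaches discussed in this thread, as an added example that is not part of the original messages and is not slapd code. The rule format (DN suffix, access level), the function names, the "none" default and the sample DNs are all constructed for illustration.

```python
# Simplified model, not slapd code. A rule is (dn_suffix, level); first match wins.
GLOBAL_ACLS = []  # server-wide rules, which may change while the server runs


class Backend:
    def __init__(self, local_acls):
        self.local = list(local_acls)  # rules configured on this backend
        self.acls = list(local_acls)   # effective list used by the "append" approach


def first_match(rules, dn):
    """Return the level of the first rule whose suffix matches dn, else None."""
    for suffix, level in rules:
        if dn.endswith(suffix):
            return level
    return None


def append_globals_at_startup(backends):
    """Append approach: copy the global rules into each backend that exists now."""
    for be in backends:
        be.acls = be.local + list(GLOBAL_ACLS)


def access_appended(be, dn):
    """Check against the backend's own (possibly stale) effective list."""
    return first_match(be.acls, dn) or "none"


def access_by_reference(be, dn):
    """Backend-local rules first, then the live global list, until one matches."""
    level = first_match(be.local, dn)
    if level is None:
        level = first_match(GLOBAL_ACLS, dn)
    return level or "none"


def demo():
    GLOBAL_ACLS[:] = [("dc=com", "read")]
    old = Backend([("ou=people,dc=example,dc=com", "write")])
    append_globals_at_startup([old])
    new = Backend([])                        # backend created after startup
    GLOBAL_ACLS.insert(0, ("ou=secret,dc=example,dc=com", "none"))  # dynamic update
    dn, secret = "cn=g,ou=groups,dc=example,dc=com", "cn=k,ou=secret,dc=example,dc=com"
    return {
        "new_appended": access_appended(new, dn),         # global rule never copied
        "new_reference": access_by_reference(new, dn),
        "old_appended_secret": access_appended(old, secret),    # stale copy
        "old_reference_secret": access_by_reference(old, secret),
        "old_local": access_by_reference(old, "uid=a,ou=people,dc=example,dc=com"),
    }
```

In this model the appended copy fails in both directions: the new backend denies access that the global rule grants, and the old backend still grants read to an entry that the updated global list now restricts.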