Quanah Gibson-Mount wrote:
I am presume this is a way of apply acl's to objects ?
Yes (experimental, deprecated and discouraged).
I think this is the very important part here -- deprecated and discouraged. I'd argue that long term, ACI support should be removed entirely (perhaps for 2.5?). The entire concept of ACI's is broken.
In 2.4 it __is__ removed: it's a separate module, which needs to be explicitly loaded by the administrator. Currently, some provision for statically building it into slapd remains, as soon as one --enable-dynacl.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------