Sent: Thu May 24 2012 07:02:28 GMT-0400 (EDT)
From: Nick Milas <nick@eurobjects.com>
To: openldap-technical <openldap-technical@openldap.org>
Subject: dn.exact vs dn.base
I was wondering whether there is any difference
between dn.exact and dn.base constructs.
For example, theoretically (according to the documentation) we
can use either:
access to dn.base="ou=system,dc=example,dc=com"
by dn.exact="uid=userx,ou=people,dc=example,dc=com" write
or:
access to dn.exact="ou=system,dc=example,dc=com"
by dn.base="uid=userx,ou=people,dc=example,dc=com" write
It seems to me that the two forms are interchangeable (as used,
e.g. here: http://www.openldap.org/faq/data/cache/1140.html)
Can you please clarify?
Thanks,
Nick
Went digging through the source as I've been
curious about this as well. Turns out, the difference is nothing
:-)
if ( style == NULL || *style == '\0' ||
strcasecmp( style, "exact" ) == 0 ||
strcasecmp( style, "baseObject" ) == 0 ||
strcasecmp( style, "base" ) == 0 )
{
sty = ACL_STYLE_BASE;
-Patrick