On Thu, 29 Sep 2016 19:14:52 +0200, Hallvard Breien Furuseth h.b.furuseth@usit.uio.no wrote:
On 29. sep. 2016 17:37, Ralf Mattes wrote:
On Thursday, 29 September 2016 17:20 CEST, Dieter Klünter dieter@dkluenter.de wrote:
The reference is RFC3866
That's the RFC for language and range tags, IIRC. What has this to do with the syntax of OpenLDAP's access control rules?
I do believe Dieter is talking about what the doc ought to be saying but doesn't, since like me he knows LDAP too well to notice :-) I'll file an ITS with a doc bug.
Briefly: "attributes" in indexes and ACLs generally refer to attribute descriptions _and their subtypes_. An attribute description is an attribute type optionally followed by ;options, which are an extension of the original concept of ;language tags. A type with a language tag or user-defined ;option is a sub-type of the original type, just like "cn" is a subtype of "name".
E.g. cn;x-hidden is a subtype of cn, if you've defined x-hidden. And so you can use access control rules on it, and the rules for plain "cn" will apply if a rule for cn;x-hidden doesn't match first.
Merci Hallvard, for this clarification. My intention was to make clear that tags are part of the protocol and thus described in protocol-specific documentation, i.e. IETF docs, while access rules are OpenLDAP-specific, thus manual pages, in particular slapd.access(5). The guide is volunteer-driven basic documentation.
-Dieter
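
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the subtype matching Hallvard describes, generalized to supertype chains and multiple options. It shows that with first-match evaluation a rule for cn placed ahead of cn;x-hidden shadows the narrower rule. The schema fragment, rule lists and function names are constructed for illustration.

```python
# Simplified model of the matching rule described in the thread; not slapd's code.
# Constructed schema fragment: attribute type -> its supertype (SUP).
SUPERTYPE = {"cn": "name", "sn": "name", "name": None}


def parse(desc):
    """Split 'cn;x-hidden' into ('cn', {'x-hidden'}); names are case-insensitive."""
    base, *opts = desc.lower().split(";")
    return base, frozenset(opts)


def is_subtype(desc, of):
    """True if desc equals `of` or is a subtype of it.

    The base type must be `of`'s type or descend from it, and desc must
    carry every option that `of` carries (extra options only narrow it).
    """
    base, opts = parse(desc)
    want_base, want_opts = parse(of)
    if not want_opts <= opts:
        return False
    while base is not None:
        if base == want_base:
            return True
        base = SUPERTYPE.get(base)  # walk up the SUP chain; unknown types stop here
    return False


def access_for(desc, rules, default="none"):
    """The first rule whose attribute covers desc decides (ordered rule list)."""
    for attr, level in rules:
        if is_subtype(desc, attr):
            return level
    return default


# Constructed rule sets: (attribute, access level granted to everyone).
SPECIFIC_FIRST = [("cn;x-hidden", "none"), ("cn", "read")]
GENERAL_FIRST = [("cn", "read"), ("cn;x-hidden", "none")]

if __name__ == "__main__":
    for rules in (SPECIFIC_FIRST, GENERAL_FIRST):
        print(rules, "->", access_for("cn;x-hidden", rules))
```

In the model, GENERAL_FIRST exposes cn;x-hidden at the level granted for plain cn, which is why the narrower rule has to come first.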