Am Dienstag 02 November 2010, 16:57:38 schrieb Benjamin Griese:
Hello Ralf,
nice to know that someone from Novell is reading here, too.
Currently I have opened up a Service Request regarding this topic at Novells Suport Center and pointed that out as a Feature Request but also as problem I and other people have and are lookinf for a workaround.
The feature request is regarding build the overlays as dynamic modules, I guess? Yes that's something we are looking into as well. But for this special SSS/VLV issue there is already a fix in CVS which I we will most probably include in our packages. Changing from static overlays to dynamic overlays is unlikely to happen during the SLES11 timeframe I think (but we are getting off topic ...)
Too bad I am really low experienced in building complex ACLs to filter stuff like this, maybe someone else is able to help us (James and me) to workaround that problem.
Something like this should work:
access to dn.base="" attrs=supportedControl val/objectIdentifierMatch=1.2.840.113556.1.4.473 by * none access to dn.base="" attrs=supportedControl val/objectIdentifierMatch=2.16.840.1.113730.3.4.9 by * none
I just found out however that there seems to be a bug in the ACL code when the above ACL appear as the first ACL in the configuration :(. I am still trying to track down that problem. So please make sure to have another ACL before them (one that doesn't apply to the "supportedControl" Attribute of course).
I'll give it a shot and let you know if it's working or not. :)
Good luck.
Ralf