Gavin Henry wrote:
----- "Pierangelo Masarati" ando@sys-net.it wrote:
Brad T Waldorf wrote:
I would definitely recommend replacing "may need to" with "must" in the
following
statement, as you suggested. "This ACL may need to be merged with
other
ACL statements."
Probably, that whole example should be removed, as it belongs to access control rather than to replication.
It's hard to present complete examples that way. I've other external feedback in various forums whereby users complain that N-Way is hard to understand, but they merely need to read the whole guide.
I0'm not speaking in general, but specifically related to that case.
access to * by <canreadall> read by * break
is:
1) generic, not necessarily specific to replication
2) incomplete, since it needs to integrate with other access rules
3) should be per-database, rather than global, IMHO.
So like it's now it creates more trouble than it helps solving.
I'm tempted to move complete working examples to the follow existing empty section:
http://www.openldap.org/doc/admin24/appendix-deployments.html
Sounds good.
This would however promoted copy-and-paste configurations.
That's inevitable, I fear, no matter what.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------