Re: unclear documentation about openldap ACL definitions

Florian Best wrote:

Am 30.06.2016 um 11:29 schrieb Michael Ströder:

...

Setting the privileges is IMO sufficient.

I see this differently. One example where this is useful would be the following:

Maybe I do not fully understand your aim but...

I would like to e.g. add a rule at the very top of all ACL definitions:

"access to attrs=uidNumber value=0 by * none stop"

But this prevents that any other rule afterwards can make it *readable*.

...then don't do this. ;-)

Seriously: <who> clauses are also ordered. Simply use several of them in access directive(s) with one passing control flow with "break".

Ciao, Michael.