On 3/6/21 1:41 PM, Frédéric Goudal wrote:
I understand that in the line : by * break there is no need of an access level. But is there any other use case of no access level ?
Sorry for nit-picking: 'break' is not about assigning access rights (privileges or levels). 'stop', 'break' and 'continue' simply control the flow of ACL processing.
The same privileges could be altered by several ACLs processed and 'break' is needed for passing control flow to the next ACL.
See section 'THE <CONTROL> FIELD' of slapd.access(5) for details.
As an example you could also take a look at Æ-DIR's replication ACLs:
https://gitlab.com/ae-dir/ansible-ae-dir-server/-/blob/master/templates/slap...
In this setup 'ae-providers' is the group of all writeable provider replicas and 'ae-replicas' is the group of all provider *and* read-only consumer replicas.
Ciao, Michael.