On 3/6/21 1:41 PM, Frédéric Goudal wrote:
I understand that in the line : by * break
there is no need of an access level. But is there any other use case of no access level
Sorry for nit-picking: 'break' is not about assigning access rights
(privileges or levels). 'stop', 'break' and 'continue' simply
the flow of ACL processing.
The same privileges could be altered by several ACLs processed and
'break' is needed for passing control flow to the next ACL.
See section 'THE <CONTROL> FIELD' of slapd.access(5) for details.
As an example you could also take a look at Æ-DIR's replication ACLs:
In this setup 'ae-providers' is the group of all writeable provider
replicas and 'ae-replicas' is the group of all provider *and* read-only