Sent: Thu May 24 2012 07:02:28 GMT-0400 (EDT) From: Nick Milas nick@eurobjects.com To: openldap-technical openldap-technical@openldap.org Subject: dn.exact vs dn.base

I was wondering whether there is any difference between dn.exact and dn.base constructs.

For example, theoretically (according to the documentation) we can use either:

access to dn.base="ou=system,dc=example,dc=com" by dn.exact="uid=userx,ou=people,dc=example,dc=com" write

or:

access to dn.exact="ou=system,dc=example,dc=com" by dn.base="uid=userx,ou=people,dc=example,dc=com" write

It seems to me that the two forms are interchangeable (as used, e.g. here: http://www.openldap.org/faq/data/cache/1140.html)

Can you please clarify?

Thanks, Nick

Went digging through the source as I've been curious about this as well. Turns out, the difference is nothing :-)

if ( style == NULL || *style == '\0' || strcasecmp( style, "exact" ) == 0 || strcasecmp( style, "baseObject" ) == 0 || strcasecmp( style, "base" ) == 0 ) { sty = ACL_STYLE_BASE;

-Patrick