Am Thu, 29 Sep 2016 19:14:52 +0200
schrieb Hallvard Breien Furuseth <h.b.furuseth(a)usit.uio.no>:
On 29. sep. 2016 17:37, Ralf Mattes wrote:
>Am Donnerstag, 29. September 2016 17:20 CEST, Dieter Klünter
>> The reference is RFC3866
> That's the RFC for language and range tags, IIRC. What has this to
> do with the syntax of OpenLDAPs access control rules?
I do believe Dieter is talking about what the doc ought to be saying
but doesn't, since like me he knows LDAP to well to notice:-)
I'll file an ITS with a doc bug.
Briefly: "attributes" in indexes and ACLs generally refer to
attribute descriptions _and their subtypes_. An attribute
description is an attribute type optionally followed by ;options,
which are an extension of the original concept of ;language tags.
A type with a language tag or user-defined ;option is a sub-type
of the original type, just like "cn" is a subtype of "name".
E.g. cn;x-hidden is a subtype of cn, if you've defined x-hidden.
And so you can use access control rules on it, and the rules
for plain "cn" will apply if a rule for cn;x-hidden doesn't
merci Hallvard, for this clarification. My intention was to make clear
that tags are part of the protocol and thus described in protocol
specific documentation i.e. IETF docs, while access rules are openLDAP
specific, thus manual pages, in particular slapd.access(5). The guide
is volunteers driven basic documentation.
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B