mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
(ITS#5851 ACL behaviour does not match slapd.access(5))
parent
5142f08323
commit
4fa19d927d
@ -218,7 +218,7 @@ When evaluating whether some requester should be given access to
|
|||||||
an entry and/or attribute, slapd compares the entry and/or attribute
|
an entry and/or attribute, slapd compares the entry and/or attribute
|
||||||
to the {{EX:<what>}} selectors given in the configuration file.
|
to the {{EX:<what>}} selectors given in the configuration file.
|
||||||
For each entry, access controls provided in the database which holds
|
For each entry, access controls provided in the database which holds
|
||||||
the entry (or the first database if not held in any database) apply
|
the entry (or the global access directives if not held in any database) apply
|
||||||
first, followed by the global access directives. Within this
|
first, followed by the global access directives. Within this
|
||||||
priority, access directives are examined in the order in which they
|
priority, access directives are examined in the order in which they
|
||||||
appear in the config file. Slapd stops with the first {{EX:<what>}}
|
appear in the config file. Slapd stops with the first {{EX:<what>}}
|
||||||
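Review bot: The new parenthetical makes the sentence circular for entries not held in any database. It now reads "(or the global access directives if not held in any database) apply first, followed by the global access directives", so the global directives are named as both the first and the second step. Suggest splitting the two cases: entries held in a database get that database's access controls first and then the global directives, and entries not held in any database get the global directives only.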
@ -422,9 +422,7 @@ Lines 12 through 14 indicate the indices to maintain for various
|
|||||||
attributes.
|
attributes.
|
||||||
|
|
||||||
Lines 16 through 24 specify access control for entries in this
|
Lines 16 through 24 specify access control for entries in this
|
||||||
database. As this is the first database, the controls also apply
|
database. For all applicable entries, the {{EX:userPassword}} attribute is writable
|
||||||
to entries not held in any database (such as the Root DSE). For
|
|
||||||
all applicable entries, the {{EX:userPassword}} attribute is writable
|
|
||||||
by the entry itself and by the "admin" entry. It may be used for
|
by the entry itself and by the "admin" entry. It may be used for
|
||||||
authentication/authorization purposes, but is otherwise not readable.
|
authentication/authorization purposes, but is otherwise not readable.
|
||||||
All other attributes are writable by the entry and the "admin"
|
All other attributes are writable by the entry and the "admin"
|
||||||
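Review bot: Deleting "As this is the first database, the controls also apply to entries not held in any database (such as the Root DSE)" leaves this walkthrough silent on which access controls cover the Root DSE. The old sentence told readers that lines 16 through 24 protected it, so anyone who relied on that reading gets no hint that the scope has changed. Consider replacing the sentence with one saying that such entries are governed by the global access directives alone, instead of dropping the topic. The joined line "database. For all applicable entries, the {{EX:userPassword}} attribute is writable" is also much longer than its neighbours and should be rewrapped.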
@ -635,7 +633,7 @@ When evaluating whether some requester should be given access to
|
|||||||
an entry and/or attribute, slapd compares the entry and/or attribute
|
an entry and/or attribute, slapd compares the entry and/or attribute
|
||||||
to the {{EX:<what>}} selectors given in the configuration. For
|
to the {{EX:<what>}} selectors given in the configuration. For
|
||||||
each entry, access controls provided in the database which holds
|
each entry, access controls provided in the database which holds
|
||||||
the entry (or the first database if not held in any database) apply
|
the entry (or the global access directives if not held in any database) apply
|
||||||
first, followed by the global access directives (which are held in
|
first, followed by the global access directives (which are held in
|
||||||
the {{EX:frontend}} database definition). Within this priority,
|
the {{EX:frontend}} database definition). Within this priority,
|
||||||
access directives are examined in the order in which they appear
|
access directives are examined in the order in which they appear
|
||||||
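Review bot: In the changed line the global access directives are now mentioned first inside the parenthetical, but the explanation of where they live, "(which are held in the {{EX:frontend}} database definition)", stays attached to the second mention two lines later. A reader meets the term before it is defined, and the sentence ends up nesting two parentheticals around the same noun. Suggest moving the {{EX:frontend}} explanation to the first mention, or restructuring into two sentences so that the no-database case is stated on its own.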
@ -944,9 +942,7 @@ Lines 30 through 32 indicate the indices to maintain for various
|
|||||||
attributes.
|
attributes.
|
||||||
|
|
||||||
Lines 33 through 41 specify access control for entries in this
|
Lines 33 through 41 specify access control for entries in this
|
||||||
database. As this is the first database, the controls also apply
|
database. For all applicable entries, the {{EX:userPassword}} attribute is writable
|
||||||
to entries not held in any database (such as the Root DSE). For
|
|
||||||
all applicable entries, the {{EX:userPassword}} attribute is writable
|
|
||||||
by the entry itself and by the "admin" entry. It may be used for
|
by the entry itself and by the "admin" entry. It may be used for
|
||||||
authentication/authorization purposes, but is otherwise not readable.
|
authentication/authorization purposes, but is otherwise not readable.
|
||||||
All other attributes are writable by the entry and the "admin"
|
All other attributes are writable by the entry and the "admin"
|
||||||
|
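Review bot: With the Root DSE sentence removed, "For all applicable entries" now directly follows "specify access control for entries in this database", and "applicable" no longer has anything to distinguish. Suggest tightening it to "For all entries in this database" so that the scope of lines 33 through 41 is explicit, which matters here because the point of the change is that these controls do not extend to entries outside the database.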
@ -57,8 +57,7 @@ updates to rootdn. (e.g., "access to * by * read").
|
|||||||
The rootdn can always read and write EVERYTHING!
|
The rootdn can always read and write EVERYTHING!
|
||||||
.LP
|
.LP
|
||||||
For entries not held in any backend (such as a root DSE), the
|
For entries not held in any backend (such as a root DSE), the
|
||||||
directives of the first backend (and any global directives) are
|
global directives are used.
|
||||||
used.
|
|
||||||
.LP
|
.LP
|
||||||
Arguments that should be replaced by actual text are shown in
|
Arguments that should be replaced by actual text are shown in
|
||||||
brackets <>.
|
brackets <>.
|
||||||
|
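Review bot: The new wording "global directives are used" does not say what applies to the root DSE when no global directives are configured. The paragraph just above (visible in the hunk header) describes a default of "access to * by * read", and the old text at least gave readers the first backend's directives as a fallback to reason about. Suggest adding a clause stating which policy governs entries not held in any backend when the global list is empty, so administrators can tell whether they need an explicit global rule for the root DSE.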