OpenLDAP is a volunteers driven project. Feel free to contribute. See http://www.openldap.org/devel/contribution
-Dieter Gesendet mit BlueMail Am 2. Sep. 2016, 00:21, um 00:21, Tom Jay <[email protected]> schrieb: >Hello, > >Can I make a request that certain features of the access control >documentation are emphasized? I've wasted quite a lot of time on this >and some simple rules (which already exist in the documentation) would >have been really helpful. These are: > >8. Access Control >8.2. Access Control via Static Configuration >8.2.5. Access Control Examples > >To all attributes except homePhone, an entry can write to itself, >entries under example.com entries can search by them, anybody else has >no access (implicit by * none) excepting for >authentication/authorization (which is always done anonymously). > >The fact that authentication is always done anonymously, even if >anonymous binds are disabled in the configuration, is very important. > >8.2.4. Access Control Evaluation > >Slapd stops with the first <what> selector that matches the entry >and/or attribute. > >This is also very important, as it explains exactly how the access >rules are processed. > >The order of evaluation of access directives makes their placement in >the configuration file important. > >I don't think this is emphasized enough, as it is critical to how the >access rules are processed. > >Also, some mention of the ACL log level would be useful! > > >Thanks. > > >Tom
