On 3/6/21 1:41 PM, Frédéric Goudal wrote: > I understand that in the line : by * break > there is no need of an access level. But is there any other use case of no > access level ?
Sorry for nit-picking: 'break' is not about assigning access rights (privileges or levels). 'stop', 'break' and 'continue' simply control the flow of ACL processing. The same privileges could be altered by several ACLs processed and 'break' is needed for passing control flow to the next ACL. See section 'THE <CONTROL> FIELD' of slapd.access(5) for details. As an example you could also take a look at Æ-DIR's replication ACLs: https://gitlab.com/ae-dir/ansible-ae-dir-server/-/blob/master/templates/slapd/provider.conf.j2#L212 In this setup 'ae-providers' is the group of all writeable provider replicas and 'ae-replicas' is the group of all provider *and* read-only consumer replicas. Ciao, Michael.
