[Bug 559070] Re: Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights
Mathias Gug
mathiaz at ubuntu.com
Tue Apr 13 16:11:23 BST 2010
As documented in slapd.access man page:

    Lists of access directives are evaluated in the order they appear in
    slapd.conf. When a <what> clause matches the datum whose access is
    being evaluated, its <who> clause list is checked. When a <who> clause
    matches the accessor's properties, its <access> and <control> clauses
    are evaluated. Access control checking stops at the first match of the
    <what> and <who> clause, unless otherwise dictated by the <control>
    clause. Each <who> clause list is implicitly terminated by a

        by * none stop

This is why there needs to be a "by * break" at the end of the access
control line - otherwise access will always be denied even if additional
ACLs are added to the cn=config tree.
--
Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights
https://bugs.launchpad.net/bugs/559070
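
Added example, not part of the original message and not slapd's own code: a simplified Python model of the evaluation order quoted above, showing why an ACL added after the localroot rule never applies unless that rule ends in "by * break". The admin DN and the added rule are constructed, and only the stop and break controls are modelled (no "continue", no +/- privilege syntax).

```python
# Simplified model of slapd.access evaluation order (illustration only).
IMPLICIT_END = ("*", "none", "stop")  # slapd appends this to every <who> list


def evaluate(acls, entry, accessor):
    """Return the access level that `accessor` gets on `entry`.

    acls: list of (what, [(who, access, control), ...]) in config order.
    what: "*" or a DN suffix. access=None models a bare control such as
    "by * break", which leaves the level unchanged.
    """
    granted = "none"
    for what, who_list in acls:
        if what != "*" and not entry.endswith(what):
            continue  # <what> does not match, try the next directive
        for who, access, control in list(who_list) + [IMPLICIT_END]:
            if who != "*" and who != accessor:
                continue  # <who> does not match, try the next clause
            if access is not None:
                granted = access
            if control == "stop":
                return granted  # first <what>/<who> match ends checking
            if control == "break":
                break  # fall through to the next matching directive
            raise ValueError("control not modelled: %r" % control)
    return granted  # nothing matched: same as "access to * by * none"


# Identity of local root over ldapi:/// with SASL EXTERNAL.
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
ADMIN = "cn=admin,dc=example,dc=com"  # constructed sample DN

# Constructed rule an administrator adds later to the cn=config database.
ADDED = ("*", [(ADMIN, "write", "stop")])

# to * by <localroot> manage                  (implicit "by * none stop")
WITHOUT_BREAK = [("*", [(ROOT, "manage", "stop")]), ADDED]
# to * by <localroot> manage by * break
WITH_BREAK = [("*", [(ROOT, "manage", "stop"), ("*", None, "break")]), ADDED]


if __name__ == "__main__":
    for name, acls in (("without break", WITHOUT_BREAK), ("with break", WITH_BREAK)):
        for who in (ROOT, ADMIN, "anonymous"):
            print(name, "|", who, "->", evaluate(acls, "cn=config", who))
```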