Emmanuel Dreyfus wrote:
Pierangelo Masarati <[EMAIL PROTECTED]> wrote:
I mean: test006 is broken now, we can no longer make test. You should
check why the test is broken and try to fix it :) Probably, according
to the old access rule, a user with "add" permission for entries is
adding an entry without having "add" permission on all the attributes.
The culprit is the ACL on attrs=objectclass at the top of the file:
    access to attrs=objectclass
        by * =rsc stop
If I change it that way, test006 passes:
    access to attrs=objectclass
        by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" add
        by * =rsc stop
Not sure it is a correct fix, though.
Sounds correct. I mean: since no objectClass modification was performed
in the test, given the expected behavior of access control for add
operations, there was no need to give anyone add permission on
objectClass. What you suggest seems to be the minimal add permission to
let the test pass, and I think it's fine to re-enable that test right
now. Should the test change (more add operations) acls will be tweaked
further.
Go ahead and commit :)
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: [EMAIL PROTECTED]
-----------------------------------
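
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the OpenLDAP test suite: a simplified Python model of first-match ACL evaluation for an add operation, comparing the original objectclass rule with the proposed one. Assumptions: only attrs= targets and dn.exact/"*" subjects are modelled, the "entry" and "children" pseudo-attributes are ignored, and the catch-all rule is a constructed stand-in for the rest of the test006 ACL file, which the thread does not show.

```python
# Simplified model (not slapd code) of per-attribute access checks on add.
BJORN = ("cn=Bjorn Jensen,ou=Information Technology Division,"
         "ou=People,dc=example,dc=com")

# Privileges granted by each access spec used below. "add" and "write" are
# levels, so they include the lower levels; "=rsc" is an exact privilege set.
GRANTS = {
    "add": set("arscxd"),
    "write": set("azrscxd"),
    "=rsc": set("rsc"),
}

def privileges(acl, who, attr):
    """Privileges 'who' gets on 'attr': first matching rule, first matching by-clause."""
    for target, clauses in acl:
        if target is not None and attr.lower() not in target:
            continue                      # this rule does not cover attr
        for subject, spec in clauses:
            if subject == "*" or subject.lower() == who.lower():
                return GRANTS[spec]       # default control is "stop"
        return set()                      # implicit trailing "by * none"
    return set()                          # no rule matched: no access

def missing_add(acl, who, entry_attrs):
    """Attributes of the new entry on which 'who' lacks the add (a) privilege."""
    return [a for a in entry_attrs if "a" not in privileges(acl, who, a)]

# Constructed stand-in for the rest of the ACL file (assumption).
CATCH_ALL = (None, [("*", "write")])

# Rule as it stood when test006 failed.
OLD_ACL = [({"objectclass"}, [("*", "=rsc")]), CATCH_ALL]

# Rule proposed in the thread: only Bjorn gets add on objectClass.
NEW_ACL = [({"objectclass"}, [(BJORN, "add"), ("*", "=rsc")]), CATCH_ALL]

# Constructed attribute list for an entry being added.
ENTRY_ATTRS = ["objectClass", "cn", "sn"]

if __name__ == "__main__":
    for name, acl in (("old", OLD_ACL), ("new", NEW_ACL)):
        denied = missing_add(acl, BJORN, ENTRY_ATTRS)
        print(name, "ACL:", "add allowed" if not denied else f"add denied on {denied}")
```

Under the new rule every other identity still gets exactly =rsc on objectClass, so the added permission stays limited to the one DN the test needs.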