Rein Tollevik wrote:
> On Mon, 24 Mar 2008, Howard Chu wrote:
>
>> [EMAIL PROTECTED] wrote:
>>> The change to servers/slapd/backend.c for ITS#5416 seems to have broken the
>>> ability for group and set statements in access control lines to refer to
>>> entries outside the backend currently being operated on.
>> That ability was never intended in the first place. Historically, backends in
>> slapd have been treated as isolated DSAs with no connection to each other.
>> They've required special mechanisms (like back-relay or slapo-glue) to be
>> joined.
>
> Yes, I know, the change that allowed this was imo the one that made sets
> and groups really useful. Our database configuration still has traces of
> the workarounds the lack of this feature once forced us to make.
>
> But, the latest change also removes this ability for databases subordinate
> to the same common superior (i.e. using the slapo-glue). If I understand
> you correctly it is a bug that glue'ed databases cannot refer to each other,
> although I still consider it a bug (or at least a huge drawback) if this
> would no longer be generally possible.

Actually, looking back over CVS, it seems this ability has existed since OpenLDAP 2.0, intended or not. Will have to work up a better solution to restore that behavior.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
