[please, keep replies on the list] > As a note with replication between 2.2 and 2.3, if you use ACI's then 2.3.8 or so and above will barf because the syntax changed between the two versions. Since I am in the middle of migrating to 2.3 from 2.2 I had to compile 2.3.11 with a hack to ignore the syntax on the replicas since we really only use write ACI's until we finish > upgrading the master server. > > But I agree 2.1.x is ancient. Although still shipped with lots of distributions.
ACI syntax recently saw some development in the sense that it was formalized into a real syntax (which, sigh, I admit it has never been ultimately documented), so that it's validated (and normalized) as soon as it gets written, while in earlier versions errors would have gone unnoticed and, which is worse, incorrect rules would have been discarded while checking access, leading to potential security issues (you write a rule and you don't even get warned that that rule is being plainly ignored). I don't think that real syntax changes occurred (I mean: there might have been additions, but previously supported stuff should still work, if valid); if you noticed any, they were likely unintended, or they were required for consistency. You should point them out (if you can prepare a clear, detailed and exaustive report you can use the ITS, otherwise this mailing list should be appropriate). Differences could then be noted in the FAQ (as ACIs have always been experimental) possibly with a note somewhere else that indicates some generic changes between versions, to warn users. p. Ing. Pierangelo Masarati Responsabile Open Solution OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
