Gavin Henry wrote:
> Hi all,
> Just playing in openldap-devel, with the next step being mirrormode, and
> get this warning when running slapd with debug on:
> config_back_db_open: line 0: warning: cannot assess the validity of
> the ACL scope within backend naming context
> So is this a separate assessment outwith the normal syntax one?
> I don't quite understand the warning.
That's quite informative, and issued at a very verbose log level.
Basically, the ACL parsing code checks whether a rule will actually be
used with the scope it can potentially apply to. For example, if you
place a rule
access to dn.subtree="" by * read
within a database with suffix "dc=example,dc=com", the rule might
potentially apply to any DN, but since it's placed within a database
with a non-empty suffix, it will only apply to
dn.subtree="dc=example,dc=com". So the ACL designer might be fooled
into believing that it will apply to any entry while it won't. This
doesn't mean that the ACL is wrong: it will do what it's intended for;
that's why the warning is informative. In some cases, the ACL parsing
code cannot determine the scope of a rule (for example, when regular
expressions are involved); this causes the specific warning you see. If
you understand the ACL syntax and you believe your ACLs are correct, you
can safely ignore that warning.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
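
The scope assessment described in the reply above, as an added example that is not part of the original message and is not slapd's own code: a simplified Python model that compares the DN scope of an `access to dn.<style>=...` line with the database suffix. The function name `assess_scope`, the verdict labels and the sample rules are constructed for illustration, and DN normalization is deliberately naive.

```python
import re

# Explicit DN styles only; style names follow slapd.access(5).
SUBTREE = {"sub", "subtree", "children"}
ONE = {"one", "onelevel"}
BASE = {"base", "baseobject", "exact"}
WHAT_RE = re.compile(r'^access\s+to\s+dn\.(\w+)="([^"]*)"', re.I)

def normalize_dn(dn):
    # Simplified normalization (assumption): no escaped commas, no multi-valued RDNs.
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def is_within(dn, base):
    # True when dn is base itself or lies below it; the empty DN contains everything.
    return base == "" or dn == base or dn.endswith("," + base)

def assess_scope(rule, suffix):
    """Return (verdict, effective_scope) for one 'access to dn.<style>=...' line."""
    m = WHAT_RE.match(rule.strip())
    if not m:
        return ("unparsed", None)
    style = m.group(1).lower()
    if style == "regex":
        # The set of DNs a regex matches is not derived here, as in the warning.
        return ("cannot-assess", None)
    if style not in SUBTREE | ONE | BASE:
        return ("unparsed", None)
    target, suffix = normalize_dn(m.group(2)), normalize_dn(suffix)
    if is_within(target, suffix):
        return ("as-written", f'dn.{style}="{target}"')
    if not is_within(suffix, target):
        return ("never-matches", None)
    # From here on, target is a strict ancestor of the database suffix.
    if style in SUBTREE:
        return ("narrowed", f'dn.subtree="{suffix}"')
    if style in ONE and suffix.partition(",")[2] == target:
        return ("narrowed", f'dn.base="{suffix}"')
    return ("never-matches", None)

if __name__ == "__main__":
    # Constructed sample rules, checked against the suffix used in the reply.
    for rule in ('access to dn.subtree="" by * read',
                 'access to dn.subtree="ou=people,dc=example,dc=com" by * read',
                 'access to dn.regex="^uid=[^,]+,ou=people,dc=example,dc=com$" by self write',
                 'access to dn.base="" by * read'):
        print(assess_scope(rule, "dc=example,dc=com"), "<-", rule)
```

A "narrowed" verdict corresponds to the case in the reply where the rule reads as wider than the database it sits in; "cannot-assess" corresponds to the warning itself.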