<quote who="Pierangelo Masarati"> > Gavin Henry wrote: >> Hi all, >> >> Just playing in openldap-devel, with the next step being mirrormode, and >> get this warning when running slapd with debug on: >> >> config_back_db_open: line 0: warning: cannot assess the validity of >> the ACL scope within backend naming context >> >> So is this a seperate assessment outwith the normal syntax one? >> >> I don't quite understand the warning. >> > That's quite informative, and issued at a very verbose log level. > Basically, the ACL parsing code checks whether a rule will actually be > used with the scope it can potentially apply to. For example, if you > place a rule > > access to dn.subtree="" by * read > > within a database with suffix "dc=example,dc=com", the rule might > potentially apply to any DN, but since it's placed within a database > with a non-empty suffix, it will only apply to > dn.subtree="dc=example,dc=com". So the ACL designer might be fooled > into believing that it will apply to any entry while it won't. This > doesn't mean that the ACL is wrong: it will do what's intended for; > that's why the warning is informative. In some cases, the ACL parsing > code cannot determine the scope of a rule (for example, when regular > expressions are involved); this causes the specific warning you see. If > you understood the ACL syntax and you believe your ACLs are correct, you > can safely ignore that warning.
Understood, thanks. Gavin. > > p. > > > > Ing. Pierangelo Masarati > OpenLDAP Core Team > > SysNet s.n.c. > Via Dossi, 8 - 27100 Pavia - ITALIA > http://www.sys-net.it > ------------------------------------------ > Office: +39.02.23998309 > Mobile: +39.333.4963172 > Email: [EMAIL PROTECTED] > ------------------------------------------ > >
