Quanah Gibson-Mount wrote: >>> I am presume this is a way of apply acl's to objects ? >> >> >> Yes (experimental, deprecated and discouraged). > > I think this is the very important part here -- deprecated and > discouraged. I'd argue that long term, ACI support should be removed > entirely (perhaps for 2.5?). The entire concept of ACI's is broken.
In 2.4 it __is__ removed: it's a separate module, which needs to be explicitly loaded by the administrator. Currently, some provision for statically building it into slapd remains, as soon as one --enable-dynacl. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
