sep = 1;
}
- rdnlen = (ber_len_t)dn_rdnlen( NULL, &dn );
+ rdnlen = dn_rdnlen( NULL, &dn );
if ( rdnlen != dn.bv_len - patlen - sep )
return ACL_SCOPE_ERR;
}
} else if ( strcasecmp( left, "attr" ) == 0 /* TOLERATED */
|| strcasecmp( left, "attrs" ) == 0 ) /* DOCUMENTED */
{
+ if ( strcasecmp( left, "attr" ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"attr\" "
+ "is deprecated (and undocumented); "
+ "use \"attrs\" instead.\n",
+ fname, lineno, 0 );
+ }
+
a->acl_attrs = str2anlist( a->acl_attrs,
right, "," );
if ( a->acl_attrs == NULL ) {
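Review bot: The added deprecation check repeats `strcasecmp( left, "attr" ) == 0`, which the enclosing `else if` condition has just evaluated, so the same comparison now appears twice a few lines apart. Splitting the condition so the `"attr"` case is tested once would avoid the two copies drifting apart. A short comment above the warning would also help, for example `/* "attr" is still parsed for compatibility; warn so configurations move to "attrs" */`. The enclosing `if`/`else if` chain starts and ends outside the hunk.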
acl_usage();
}
free( bv.bv_val );
+ if ( sty == ACL_STYLE_BASE
+ && be != NULL
+ && !BER_BVISNULL( &be->be_rootndn )
+ && dn_match( &bdn->a_pat, &be->be_rootndn ) )
+ {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: rootdn is always granted "
+ "unlimited privileges.\n",
+ fname, lineno, 0 );
+ }
} else {
bdn->a_pat = bv;
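Review bot: The new rootdn warning fires only when `sty == ACL_STYLE_BASE`, so a `<who>` clause that reaches the rootdn through another dnstyle (regex, subtree and so on) is accepted without any message. If that limit is intentional, a comment saying so would help. The message also does not say that the clause has no effect on that identity, which is what matters to an administrator who wrote it expecting to restrict the rootdn: `"%s: line %d: rootdn is always granted unlimited privileges; this <who> clause cannot restrict it.\n"`. The `dn_match` against `be_rootndn` appears to assume `bdn->a_pat` is already normalized; the code producing it is outside the hunk, so that should be confirmed. The enclosing block begins and ends outside the hunk.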
"ACI \"%s\": inappropriate syntax: %s.",
right,
b->a_aci_at->ad_type->sat_syntax_oid );
- Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n"
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
acl_usage();
}
static void
acl_usage( void )
{
- Debug( LDAP_DEBUG_ANY, "%s%s%s\n",
+ char *access =
"<access clause> ::= access to <what> "
- "[ by <who> <access> [ <control> ] ]+ \n"
+ "[ by <who> <access> [ <control> ] ]+ \n";
+
+ char *what =
"<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrlist>]\n"
"<attrlist> ::= <attr> [val[/matchingRule][.<attrstyle>]=<value>] | <attr> , <attrlist>\n"
- "<attr> ::= <attrname> | entry | children\n",
+ "<attr> ::= <attrname> | entry | children\n";
+
+ char *who =
"<who> ::= [ * | anonymous | users | self | dn[.<dnstyle>]=<DN> ]\n"
"\t[ realanonymous | realusers | realself | realdn[.<dnstyle>]=<DN> ]\n"
"\t[dnattr=<attrname>]\n"
"\t[aci[=<attrname>]]\n"
#endif /* SLAPD_ACI_ENABLED */
#endif /* ! SLAP_DYNACL */
- "\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n",
+ "\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n"
"<style> ::= exact | regex | base(Object)\n"
"<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | "
"exact | regex\n"
"\t<name>=ACI\t<pattern>=<attrname>\n"
#endif /* SLAPD_ACI_ENABLED */
#endif /* ! SLAP_DYNACL */
- );
+ "";
+
+ Debug( LDAP_DEBUG_ANY, "%s%s%s\n", access, who, what );
exit( EXIT_FAILURE );
}
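Review bot: The final `Debug` call in acl_usage passes `access, who, what`, so the usage text now prints the `<who>` productions (and the style lines now concatenated into `who`) before `<what>`. The pre-change call printed the what-part first, and both the grammar line `access to <what> [ by <who> ...` and the declaration order go what-then-who. Unless the reordering is deliberate, `Debug( LDAP_DEBUG_ANY, "%s%s%s\n", access, what, who );` keeps the output in the documented order. The three strings declared in the earlier acl_usage hunks point at string literals and are never written, so `const char *access`, `const char *what` and `const char *who` would be the accurate types. The trailing `"";` appears to exist so the concatenation still ends in a literal when the conditional sections are compiled out, and a one-line comment there would save the next reader from removing it.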