From: Howard Chu Date: Mon, 10 Nov 2008 22:29:02 +0000 (+0000) Subject: ITS#4556 clarify Add requirements X-Git-Tag: ACLCHECK_0~1135 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=dd809b26c613ec4a6065b5ac1ec28c6f95ac1c58;p=openldap ITS#4556 clarify Add requirements --- diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index f4095a39ab..41e7da2cf2 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -1237,8 +1237,10 @@ used here. .B olcAddContentAcl: TRUE | FALSE Controls whether Add operations will perform ACL checks on the content of the entry being added. This check is off -by default; usually only Write access to the parent entry's -children pseudo-attribute is required. +by default. See the +.BR slapd.access (5) +manual page for more details on ACL requirements for +Add operations. .TP .B olcHidden: TRUE | FALSE Controls whether the database will be used to answer diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5 index 5fe76f684e..dd24af2018 100644 --- a/doc/man/man5/slapd.access.5 +++ b/doc/man/man5/slapd.access.5 @@ -911,7 +911,15 @@ When adding the suffix entry of a database, .B add access to .B children -of the empty DN ("") is required. +of the empty DN ("") is required. Also if +Add content ACL checking has been configured on +the database (see the +.BR slapd.conf (5) +or +.BR slapd-config (5) +manual page), +.B add (=a) +will be required on all of the attributes being added. .LP The diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 84c8c698c6..3e2ab714d2 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -1165,8 +1165,10 @@ depending on which backend will serve the database. .B add_content_acl on | off Controls whether Add operations will perform ACL checks on the content of the entry being added. This check is off -by default; usually only Write access to the parent entry's -children pseudo-attribute is required. +by default. See the +.BR slapd.access (5) +manual page for more details on ACL requirements for +Add operations. .TP .B hidden on | off Controls whether the database will be used to answer