I am going to second this.
On 09/01/2016 05:40 AM, Tom Jay wrote:
> Hello,
>
> Can I make a request that certain features of the access control
> documentation are emphasized? I've wasted quite a lot of time on this
> and some simple rules (which already exist in the documentation) would
> have been really helpful. These are:
>
> 8. Access Control
> 8.2. Access Control via Static Configuration
> 8.2.5. Access Control Examples
>
> To all attributes except homePhone, an entry can write to itself,
> entries under example.com entries can search by them, anybody else
> has no access (implicit by * none) excepting for
> authentication/authorization (*which is always done anonymously*).
>
> The fact that authentication is always done anonymously, even
> if anonymous binds are disabled in the configuration, is very
> important.
>
> 8.2.4. Access Control Evaluation
>
> Slapd stops with the first <what> selector that matches the entry
> and/or attribute.
>
> This is also very important, as it explains exactly how the
> access rules are processed.
>
> The order of evaluation of access directives makes their placement
> in the configuration file important.
>
> I don't think this is emphasized enough, as it is critical to
> how the access rules are processed.
>
> Also, some mention of the ACL log level would be useful!
>
>
> Thanks.
>
>
> Tom
>
>
