Import ITS#4522 slapd.access(5) fix

855f2a31 · Kurt Zeilenga · 29d3fbb0 · 855f2a31 · 855f2a31 · 855f2a31
Commit 855f2a31 authored Oct 10, 2006 by Kurt Zeilenga
--- a/CHANGES
+++ b/CHANGES
@@ -19,7 +19,8 @@ OpenLDAP 2.3.28 Engineering
 	Fixed slapo-ppolicy pwdChangedTime behavior (ITS#4692)
 	Fixed slapo-translucent ldapmodify crash (ITS#4673)
 	Documentation
-		Updated ldapsearch(1) options (ITS#4371, #4526, #4647)
+		Updated ldapsearch(1) options (ITS#4371,4526,4647)
+		Fixed slapd.access(5) non-optional dn= error (ITS#4522)

 OpenLDAP 2.3.27 Release
 	Fixed libldap dangling pointer issue (previous fix was broken) (ITS#4405)

--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -67,7 +67,7 @@ brackets <>.
 .SH THE ACCESS DIRECTIVE
 The structure of the access control directives is
 .TP
-.B access to <what> "[ by <who> <access> [ <control> ] ]+"
+.B access to <what> "[ by <who> [ <access> ] [ <control> ] ]+"
 Grant access (specified by 
 .BR <access> ) 
 to a set of entries and/or attributes (specified by 
@@ -81,7 +81,7 @@ specifies the entity the access control directive applies to.
 It can have the forms
 .LP
 .nf
-	[dn[.<dnstyle>]=]<dnpattern>
+	dn[.<dnstyle>]=<dnpattern>
 	filter=<ldapfilter>
 	attrs=<attrlist>[ val[/matchingRule][.<attrstyle>]=<attrval>]
 .fi
@@ -99,9 +99,6 @@ with
 The statement
 .B dn=<dnpattern>
 selects the entries based on their naming context.
-The 
-.B dn=
-part is optional.
 The
 .B <dnpattern>
 is a string representation of the entry's DN.
@@ -113,11 +110,7 @@ form is given.
 .LP
 The 
 .B <dnstyle> 
-is also optional; however, it is recommended to specify both the 
-.B dn=
-and the
-.B <dnstyle>
-to avoid ambiguities.
+is optional; however, it is recommended to specify it to avoid ambiguities.
 .B Base 
 (synonym of
 .BR baseObject ),

--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -2266,9 +2266,9 @@ acl_usage( void )
 {
 	char *access =
 		"<access clause> ::= access to <what> "
-				"[ by <who> <access> [ <control> ] ]+ \n";
+				"[ by <who> [ <access> ] [ <control> ] ]+ \n";
 	char *what =
-		"<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrspec>]\n"
+		"<what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>]\n"
 		"<attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist>\n"
 		"<attrlist> ::= <attr> [ , <attrlist> ]\n"
 		"<attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children\n";