From 4d46b8b7478799c0a8280f71dbad1e9069ab3e0a Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <ralf@openldap.org>
Date: Fri, 12 May 2006 11:48:57 +0000
Subject: [PATCH] Additional fix for ITS#4522. The "dn=" ist not optional.
---
doc/man/man5/slapd.access.5 | 11 ++---------
servers/slapd/aclparse.c | 4 ++--
2 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5
index 04d1d1e1b6..fd3fa6dd86 100644
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -124,7 +124,7 @@ specifies the entity the access control directive applies to.
It can have the forms
.LP
.nf
- [dn[.<dnstyle>]=]<dnpattern>
+ dn[.<dnstyle>]=<dnpattern>
filter=<ldapfilter>
attrs=<attrlist>[ val[/matchingRule][.<attrstyle>]=<attrval>]
.fi
@@ -142,9 +142,6 @@ with
The statement
.B dn=<dnpattern>
selects the entries based on their naming context.
-The
-.B dn=
-part is optional.
The
.B <dnpattern>
is a string representation of the entry's DN.
@@ -156,11 +153,7 @@ form is given.
.LP
The
.B <dnstyle>
-is also optional; however, it is recommended to specify both the
-.B dn=
-and the
-.B <dnstyle>
-to avoid ambiguities.
+is optional; however, it is recommended to specify it to avoid ambiguities.
.B Base
(synonym of
.BR baseObject ),
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index c6160fc071..48ec0cd743 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -2192,9 +2192,9 @@ acl_usage( void )
{
char *access =
"<access clause> ::= access to <what> "
- "[ by <who> <access> [ <control> ] ]+ \n";
+ "[ by <who> [ <access> ] [ <control> ] ]+ \n";
char *what =
- "<what> ::= * | [dn[.<dnstyle>]=<DN>] [filter=<filter>] [attrs=<attrspec>]\n"
+ "<what> ::= * | dn[.<dnstyle>=<DN>] [filter=<filter>] [attrs=<attrspec>]\n"
"<attrspec> ::= <attrname> [val[/<matchingRule>][.<attrstyle>]=<value>] | <attrlist>\n"
"<attrlist> ::= <attr> [ , <attrlist> ]\n"
"<attr> ::= <attrname> | @<objectClass> | !<objectClass> | entry | children\n";
--
GitLab