Better explanation of when access control processing stops

author Karl O. Pinc <kop@karlpinc.com>

Wed, 22 Apr 2020 22:43:39 +0000 (17:43 -0500)

committer Ondřej Kuzník <ondra@mistotebe.net>

Wed, 17 Feb 2021 15:02:33 +0000 (15:02 +0000)
author Karl O. Pinc <kop@karlpinc.com>
Wed, 22 Apr 2020 22:43:39 +0000 (17:43 -0500)
committer Ondřej Kuzník <ondra@mistotebe.net>
Wed, 17 Feb 2021 15:02:33 +0000 (15:02 +0000)
diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5

index 54b71508fbbfa582c68583f12443a5ffb64b0a1c..3f1b2867f60f46de9a26b4e73a17012c63e6358c 100644 (file)
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -95,6 +95,8 @@ clause matches the accessor's properties, its
  and
  .B <control>
  clauses are evaluated.
+
+.LP
  Access control checking stops at the first match of the
  .B <what>
  and
@@ -110,8 +112,26 @@ clause list is implicitly terminated by a
         by * none stop
  .fi
  .LP
-clause that results in stopping the access control with no access 
-privileges granted.
+.B <control>
+clause.  This implicit
+.B <control>
+stops access directive evaluation with no more access privileges
+granted to anyone else.
+To stop access directive evaluation only when both
+.B <who>
+and
+.B <what>
+match, add an explicit
+.LP
+.nf
+       by * break
+.fi
+.LP
+to the end of the
+.B <who>
+clause list.
+
+.LP
  Each
  .B <what>
  clause list is implicitly terminated by a
author	Karl O. Pinc <kop@karlpinc.com>
	Wed, 22 Apr 2020 22:43:39 +0000 (17:43 -0500)
committer	Ondřej Kuzník <ondra@mistotebe.net>
	Wed, 17 Feb 2021 15:02:33 +0000 (15:02 +0000)