[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#2914)
At 07:18 AM 1/14/2004, dbroady@lexmark.com wrote:
>Kurt,
>
>Thanks for your response. One question: When isn't the password for a
>user not in some way stored in the userPassword attribute?
A backend could, for instance, implement the authPassword, the
unicodePwd, or other other password attribute. Or the backend
could use an external password store.
>Also, if changing the slap_access_allowed() function is appropriate, then
>here is a patch that would do what we need. Let me know what you think of
>this patch.
This patch seems more suitable. However, I'll defer any action
regarding it to a committer with more experience with SLAPI.
>One final thing. In my original posting of the problem, I entered the
>wrong email address. Would you please change it to dbroady1@aol.com
>instead of dsbroa0@aol.com? Thanks.
>
>
>--- slapi_utils.c.orig Wed Jan 14 09:39:25 2004
>+++ slapi_utils.c Wed Jan 14 09:47:09 2004
>@@ -3256,9 +3256,16 @@
> return ret;
> }
>
>+ if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
>+ return LDAP_PARAM_ERROR;
>+ }
>+
> switch ( access & SLAPI_ACL_ALL ) {
> case SLAPI_ACL_COMPARE:
>- slap_access = ACL_COMPARE;
>+ if (op && op->o_tag == LDAP_REQ_BIND)
>+ slap_access = ACL_AUTH | ACL_COMPARE;
>+ else
>+ slap_access = ACL_COMPARE;
> break;
> case SLAPI_ACL_SEARCH:
> slap_access = ACL_SEARCH;
>@@ -3282,10 +3289,6 @@
> }
>
> if ( slapi_pblock_get( pb, SLAPI_CONNECTION, (void *)&conn ) != 0 ) {
>- return LDAP_PARAM_ERROR;
>- }
>-
>- if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
> return LDAP_PARAM_ERROR;
> }
>
>
>
>Darin Broady
>dbroady@lexmark.com
>Lexmark International, Inc.