[Date Prev][Date Next] [Chronological] [Thread] [Top]

SSF not propagated to syncrepl operation (ITS#3131)

To: openldap-its@OpenLDAP.org
Subject: SSF not propagated to syncrepl operation (ITS#3131)
From: lukeh@padl.com
Date: Wed, 5 May 2004 03:40:57 GMT

Full_Name: Luke Howard
Version: 2.2.10
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (165.228.130.11)


The application of consumer-side ACLs that contain minimum SSFs does not work
with syncrepl, because the SSF is not propagated from the LDAP session to the
fake operation.

For example:

access to *
        by dn.subtree="OU=Domain Controllers,DC=dsg,DC=padl,DC=com" ssf=56
write

The following difference against OPENLDAP_REL_ENG_2_2_10 fixes this.

Index: syncrepl.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/syncrepl.c,v
retrieving revision 1.24.2.20
diff -u -r1.24.2.20 syncrepl.c
--- syncrepl.c  13 Apr 2004 15:49:08 -0000      1.24.2.20
+++ syncrepl.c  5 May 2004 03:36:52 -0000
@@ -302,6 +302,9 @@
                }
        }
 
+       /* set SSF for local authorization */
+       ldap_get_option( si->si_ld, LDAP_OPT_X_SASL_SSF, &op->o_ssf );
+
        /* get syncrepl cookie of shadow replica from subentry */
 
        assert( si->si_rid < 1000 );
lukeh@corp/tankstream[190]%

Prev by Date: RE: Article about OpenLDAP Proxy Server (ITS#3130)
Next by Date: RE: Article about OpenLDAP Proxy Server (ITS#3130)
Index(es):
- Chronological
- Thread