
(ITS#3877) Enhancement: openldapACIValidate implementation



On 25.07.2005, at 15:07, Pierangelo Masarati wrote:
> the patch looks fine. I'd suggest:
> 1) for the sake of code confinement, to move it to acl.c; in that case we
> might take advantage of this chance to rationalize the plethora of constant
> ACL string definitions in acl_bv_*...
> 2) why in bertok() don't you just use strchr()?
But if validate function is going to be implemented in acl.c,
it'll be more appropriate to use aci_get_part function.
So, one may forget about clumsy bertok.

> 3) beware of escaping the delimiter char; there was recently an issue with
> ACIs that didn't parse correctly a DN containing a "#"; it is now fixed
> (in 2.3 for sure; not sure about 2.2), but I didn't check if your patch
> takes care of it.
DNs are placed at the very end of the ACI. In its current implementation
ACIValidate does not validate the subject field, because it's not always a DN.
But I'll definitely look at it when adding DN-validate there.

> 4) I'd also see room for an ACI normalization function that takes care of
> normalizing the DN in ACIs, so that we don't need to re-normalize them all
> times the ACIs are invoked (see all the occurrences of dnNormalize() in
> aci_mask()).
You mean, to implement pretty function for ACI?
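
Editorial example, not part of the original message and not OpenLDAP's own code: point 3 above concerns a "#" inside the trailing DN being mistaken for a field delimiter. The sketch below assumes a five-field layout (OID#scope#rights#type#subject) and uses hypothetical names (`aci_split`, `aci_count_naive`, `struct aci_part`) to contrast a naive split with one that stops after the fourth delimiter, so the subject keeps any "#" it contains.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ACI_FIELDS 5   /* assumed layout: OID#scope#rights#type#subject */

struct aci_part { const char *ptr; size_t len; };

/* Naive split: treats every '#' as a delimiter. Returns the field count. */
static size_t aci_count_naive(const char *aci)
{
    size_t n = 1;
    for (const char *p = aci; (p = strchr(p, '#')) != NULL; p++)
        n++;
    return n;
}

/* Bounded split: only the first ACI_FIELDS-1 '#' delimit fields; the rest,
 * '#' included, is the subject. Returns 0 on success, -1 if a field is missing or empty. */
static int aci_split(const char *aci, struct aci_part out[ACI_FIELDS])
{
    const char *p = aci;
    for (int i = 0; i < ACI_FIELDS - 1; i++) {
        const char *sep = strchr(p, '#');
        if (sep == NULL || sep == p)
            return -1;
        out[i].ptr = p;
        out[i].len = (size_t)(sep - p);
        p = sep + 1;
    }
    if (*p == '\0')
        return -1;                       /* empty subject */
    out[ACI_FIELDS - 1].ptr = p;
    out[ACI_FIELDS - 1].len = strlen(p);
    return 0;
}

/* Constructed sample value: the subject DN contains a '#'. */
static const char sample_aci[] =
    "1.2.3#entry#grant;r,w;[all]#access-id#cn=room#42,dc=example,dc=com";

int main(void)
{
    struct aci_part f[ACI_FIELDS];
    if (aci_split(sample_aci, f) == 0)
        printf("naive fields: %zu, subject: %.*s\n",
               aci_count_naive(sample_aci), (int)f[4].len, f[4].ptr);
    return 0;
}
```

A validator built on the naive count would reject this value as having six fields, or would hand a truncated subject to DN validation.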