[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database
From: quanah@zimbra.com
Date: Wed, 8 Jun 2011 23:22:23 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

--On Friday, October 29, 2010 4:35 PM +0000 mark.cave-ayland@siriusit.co.uk 
wrote:

> Hi all,
>
> An update on this bug report: with a modified slapd.conf and a small
> patch to the back-perl module, I can use the ACL mask to ensure that the
> perl search function doesn't get invoked if disallowed by the ACLs.
>
> The patch works by creating a "fake" empty entry whose DN is the base of
> the search, and then passing this entry into access_allowed() using code
> borrowed from one of the other backends to either deny or allow access.
>
> http://pastebin.siriusit.co.uk/perlacl/slapd2.conf
> http://pastebin.siriusit.co.uk/perlacl/openldap-backperl-acls.patch

These are not accessible.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: Re: (ITS#6878) ppcache segfault with tavl_delete
Next by Date: RE: (ITS#6964) ./configure bug when specifying openssl as the TLS library to use
Index(es):
- Chronological
- Thread