[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database
From: mark.cave-ayland@siriusit.co.uk
Date: Thu, 9 Jun 2011 15:39:24 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

On 09/06/11 00:21, Quanah Gibson-Mount wrote:

>> An update on this bug report: with a modified slapd.conf and a small
>> patch to the back-perl module, I can use the ACL mask to ensure that the
>> perl search function doesn't get invoked if disallowed by the ACLs.
>>
>> The patch works by creating a "fake" empty entry whose DN is the base of
>> the search, and then passing this entry into access_allowed() using code
>> borrowed from one of the other backends to either deny or allow access.
>>
>> http://pastebin.siriusit.co.uk/perlacl/slapd2.conf
>> http://pastebin.siriusit.co.uk/perlacl/openldap-backperl-acls.patch
>
> These are not accessible.

Hi Quanah,

Ah yes indeed - that server was decommissioned last month. I've since 
reinstated the files from a backup onto a new server and updated DNS to 
point to it. Can you verify that you can now download them?


Many thanks,

Mark.

-- 
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063

Sirius Labs: http://www.siriusit.co.uk/labs

Prev by Date: (ITS#6965) Ldap ld210_en for Mdaemon ver 11.0.1-urgent
Next by Date: Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database
Index(es):
- Chronological
- Thread