[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7350) aclparse.c acl_unparse() attrval empty DN
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7350) aclparse.c acl_unparse() attrval empty DN
- From: hyc@symas.com
- Date: Wed, 22 Aug 2012 22:07:18 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
daniel@pluta.biz wrote:
> Full_Name: Daniel Pluta
> Version: MASTER
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:470:9feb:ff03:4dbf:1141:9dad:2f88)
>
>
> It seems to me, that the following acl statement isn't correctly unparsed within
> aclparse.c:
>
> to dn.base="ou=persons,o=test" attrs=seeAlso val/distinguishedNameMatch="" by
> users read
>
>
> Starting slapd using loglevel 128 reports:
>
> Backend ACL: access to dn.base="ou=persons,o=test"
> attrs=seeAlso
> by users read
>
> I would have expected:
>
> Backend ACL: access to dn.base="ou=persons,o=test"
> attrs=seeAlso
> val/distinguishedNameMatch=""
> by users read
>
>
> As the empty DN is empty, the problem seems to be located in aclparse.c's
> acl_unparse()'s statement
>
> if ( !BER_BVISEMPTY( &a->acl_attrval ) )
>
> or even in the parse_acl() flagless spliting into left and right.
>
>
>
Sounds right. Thanks for the report, fixed in master.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/