
Shell backend, modify method, ACL



Hello,

  I'm coding a custom shell backend for slapd.
  This backend is used to give an LDAP interface to our network registry
(in fact just a hierarchy of directories and files).

  All went well for the search and bind methods, but I have a problem
with the modify method. The slapd server lets the user requests hit
the modify method without verifying ACLs; it seems that the user (the
one who writes the modify backend) has to check the access list by hand.

  Since the ACL stuff is complex, it seems easier to modify the
file servers/slapd/back-shell/modify.c. I just added a few lines:

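        { char *text;
          Entry *e;
          int allowed;
          /* Build a minimal Entry that carries only the target dn. */
          text=stringCatenate("dn: ",dn,"");
          e=str2entry(text);
          free(text);
          /* Check the requested modifications against the ACLs;
             a dn that fails to parse is treated as denied. */
          allowed=(e!=NULL && acl_check_modlist(be,conn,op,e,ml));
          if (e!=NULL) entry_free(e);
          if (!allowed) {
            send_ldap_result(conn,op,LDAP_INSUFFICIENT_ACCESS,
                             NULL,NULL,NULL,NULL);
            /* Stop here so the modify command is never run; assumes
               the enclosing function returns int. */
            return(-1);
          }
        }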

The method consists of building an (Entry *) from the parameter dn
and calling acl_check_modlist.

  That does the work, I think ...
  
  Is it possible to have this modification (or an equivalent, better
coded) incorporated in the official code? I may have missed an important
issue?

  Thanks in advance for any information on this subject.

Xavier