[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Accessing LDAP attributes inside slapd

To: Ganesan R <rganesan-ldap@myrealbox.com>
Subject: Re: Accessing LDAP attributes inside slapd
From: Mark Adamson <adamson@andrew.cmu.edu>
Date: Wed, 28 Nov 2001 10:15:41 -0500 (EST)
Cc: <openldap-devel@OpenLDAP.org>
In-reply-to: <uealmgrp0nz.fsf@andlx-anamika.cisco.com>

> Looking at slap_sasl_check_authz() it appears that you can directly call
> backend_attribute() _without_ any connection or operation information to get
> attribute values. Can I rely on this?


If the *conn and *op are NULL the access checking for attributes and
entries is turned off in the backend.  So the backend will "trust" the
front end and give everything asked for.  Just make sure the front end
doesn't hand the attributes back to the LDAP client -- that would bypass
ACLs.


-Mark Adamson
 Carnegie Mellon

References:
- Re: Accessing LDAP attributes inside slapd
  - From: Ganesan R <rganesan-ldap@myrealbox.com>

Prev by Date: Re: Accessing LDAP attributes inside slapd
Next by Date: which funtion and varible is used to ?
Index(es):
- Chronological
- Thread