[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: checking for bound user

To: "'David Parker'" <david.parker@rocketsoftware.com>, <openldap-devel@OpenLDAP.org>
Subject: RE: checking for bound user
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 8 Apr 2004 18:08:12 -0700
Importance: Normal
In-reply-to: <9BFCEB1E1A274A49A866B6E9290752D601B5C1F0@xmail.rocketsoftware.com>

OK. You'll need to scan through with something like this:

	slap_overinst *on, *o2;
	slap_overinfo *oi;
	int foundit = 0;

	on = (slap_overinst *)op->o_bd->bd_info;

	if (!op->o_conn->c_authz_backend ||
		strcmp(op->o_conn->c_authz_backend->be_type, "over")) {
		/* Not ours */
		return -1;
	}

	oi = op->o_conn->c_authz_backend->bd_info;
	for (o2 = oi->oi_list; o2; o2=o2->on_next) {
		if (o2 == on) {
			foundit = 1;
			break;
		}
	}

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of David Parker
> Sent: Thursday, April 08, 2004 1:07 PM
> To: openldap-devel@OpenLDAP.org
> Subject: RE: checking for bound user
> 
> 
> I tried checking op->o_conn->c_authz_backend->be_type, but the value
> is "over", the value of overtype[] in backover.c.
> 
> I know I should be able to figure this out by looking at the 
> code, but trying to sort out between BackendInfo, BackendDB, 
> the #define short-cuts in between them, and then the overlay 
> structure makes me feel like I'm on drugs. Or, maybe, drugs 
> are the answer....
> 
> Where can I get to the value that was specified on 
> slap_overinst.on_bi.bi_type for the slap_overinst originally 
> passed to overlay_register?
> 
> I'm using 2.2.6 currently, with a patched backover.c (for the 
> multiple overlay fix).
> 
> Thanks!
> 
> - DAP
> 
> > -----Original Message-----
> > From: Howard Chu [mailto:hyc@highlandsun.com]
> > Sent: Monday, April 05, 2004 4:27 PM
> > To: David Parker; openldap-devel@OpenLDAP.org
> > Subject: RE: checking for bound user
> > 
> > 
> > > -----Original Message-----
> > > From: owner-openldap-devel@OpenLDAP.org
> > > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of 
> David Parker
> > 
> > > A follow-up question on the bound user:
> > > 
> > > Once my overlay has bound a user, I want subsequent 
> > > operations (add,modify,etc) to be verify that the op->o_ndn 
> > > was bound with my overlay's method, i.e., I don't want a user 
> > > bound by another backend to be able to perform operations in 
> > > my overlay. I might be able to achieve the functionality I 
> > > want with ACLs, as well, but I wanted to check the 
> > > feasibility of this other approach.
> > 
> > The backend that performed the authentication for the current 
> > session is recorded in conn->c_authz_backend. All you have to 
> > do is compare that against your backend.
> > 
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.       Director, Highland Sun
> >   http://www.symas.com               http://highlandsun.com/hyc
> >   Symas: Premier OpenSource Development and Support 
> > 
> 
> 
>

<<attachment: winmail.dat>>

References:
- RE: checking for bound user
  - From: "David Parker" <david.parker@rocketsoftware.com>

Prev by Date: RE: checking for bound user
Next by Date: RE: checking for bound user
Index(es):
- Chronological
- Thread