[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Issue with default ACL selection and back-config (revitalizing ITS#3100?...)
Pierangelo Masarati wrote:
In access_allowed(), when called with null o_bd field, the first
database is selected, where the first real database is traditionally
intended. The current code has been modified to pick the first
database by calling
op->o_bd = LDAP_STAILQ_FIRST( &backendDB );
However, if back-config is enabled, it is forced to be the first
database in the list. I can't figure out, right now, how this can be
solved in a clean manner.
Hmmm... As per ITS#3100, the behavior to use the first backend has been
in place for a long time, but it doesn't make a lot of sense in itself,
it seems it was just a hack (acl.c rev 1.93) to allow ACL checks to be
performed on the rootDSE and other objects that live outside of a
regular backend. Since we now have a frontendDB where the global ACLs
live, I think we should just use the frontendDB here.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support