[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#2914)
Kurt,
Thanks for your response. One question: When isn't the password for a
user not in some way stored in the userPassword attribute?
Also, if changing the slap_access_allowed() function is appropriate, then
here is a patch that would do what we need. Let me know what you think of
this patch.
One final thing. In my original posting of the problem, I entered the
wrong email address. Would you please change it to dbroady1@aol.com
instead of dsbroa0@aol.com? Thanks.
--- slapi_utils.c.orig Wed Jan 14 09:39:25 2004
+++ slapi_utils.c Wed Jan 14 09:47:09 2004
@@ -3256,9 +3256,16 @@
return ret;
}
+ if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
+ return LDAP_PARAM_ERROR;
+ }
+
switch ( access & SLAPI_ACL_ALL ) {
case SLAPI_ACL_COMPARE:
- slap_access = ACL_COMPARE;
+ if (op && op->o_tag == LDAP_REQ_BIND)
+ slap_access = ACL_AUTH | ACL_COMPARE;
+ else
+ slap_access = ACL_COMPARE;
break;
case SLAPI_ACL_SEARCH:
slap_access = ACL_SEARCH;
@@ -3282,10 +3289,6 @@
}
if ( slapi_pblock_get( pb, SLAPI_CONNECTION, (void *)&conn ) != 0 ) {
- return LDAP_PARAM_ERROR;
- }
-
- if ( slapi_pblock_get( pb, SLAPI_OPERATION, (void *)&op ) != 0 ) {
return LDAP_PARAM_ERROR;
}
Darin Broady
dbroady@lexmark.com
Lexmark International, Inc.