[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3480) back-sql and ACL issues

Full_Name: Pierangelo Masarati
Version: ALL
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (
Submitted by: ando

In most cases, ACL checking features can only be partially exploited within
back-sql, because only the essential portions of the entries are computed for
each operation before calling access_allowed().  As a consequence, access
clauses like "dnattr" and so cannot be used if the appropriate attribute values
have not been collected.  A side effect is that the requested attribute
types/values affect access to the same entry.