[Date Prev][Date Next]
Re: (ITS#4218) back-config broken in HEAD
> I'm a bit skeptical about what a global ACL overlay can do, without
> knowledge of the underlying real DB... Again, since we know we're
> working from the global perspective, we should just access
> frontendDB->bd_info directly without modifying op->o_bd. (Aside from
> dup'ing it into a local copy.) So basically over_access_allowed and
> fe_op_acl need to merge together. Similar fixes are probably needed for
> _acl_group and _acl_attribute, I haven't looked that far.
I've committed a fix for this particular ACL issue, it's much simpler
than what I thought at first. And it seems that acl_group and
acl_attribute are fine as-is.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/