[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4218) back-config broken in HEAD

hyc@symas.com wrote:
> I'm a bit skeptical about what a global ACL overlay can do, without 
> knowledge of the underlying real DB... Again, since we know we're 
> working from the global perspective, we should just access 
> frontendDB->bd_info directly without modifying op->o_bd. (Aside from 
> dup'ing it into a local copy.) So basically over_access_allowed and 
> fe_op_acl need to merge together. Similar fixes are probably needed for 
> _acl_group and _acl_attribute, I haven't looked that far.

I've committed a fix for this particular ACL issue, it's much simpler 
than what I thought at first. And it seems that acl_group and 
acl_attribute are fine as-is.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/