[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5555) authzTo ACL check for wrong principal

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5555) authzTo ACL check for wrong principal
From: andrew.findlay@skills-1st.co.uk
Date: Mon, 16 Jun 2008 17:21:40 GMT

On Mon, Jun 16, 2008 at 02:29:21PM +0000, Andrew Findlay wrote:

> Thus I think my original report was wrong. This is a documentation
> issue, not a bug.

I have uploaded a suggested set of patches to make the behaviour
clearer:

	ftp://ftp.openldap.com/incoming/andrew.findlay-20080616.patch

The patch is against 2.4.10

It might be better still to factor out the concept of proxy
authorisation and its control from the SASL authz mechanism, as it
applies also to the LDAP Proxied Authorization Control.
I have not done this as I was unsure where best to put it.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Prev by Date: Re: (ITS#5561) SEGV using TLS/SASL
Next by Date: Re: (ITS#5555) authzTo ACL check for wrong principal
Index(es):
- Chronological
- Thread