[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5601) set-acl failure under back-ldap+rwm

> To further elaborate, even if the virtual DN is set instead of the  
> real one in c_ndn, the operation fails because ACL checking passes  
> through bi_entry_get_rw(), which is not provided by slapo-rwm, and  
> can't be provided according to the current design, since it does not  
> allow to massage the arguments.  As a quick'n'dirty fix, what you  
> can do is make the proxy database serve both naming contexts, namely
> database ldap
> suffix "dc=remote,dc=local"
> suffix "dc=remote"

This works for getting the query to the right place; thanks!  Remapped  
attributes in the acl obviously don't work, but working around that is  
straight-forward also.

> This is a hack; the real fix requires to redesign the API of  
> bi_entry_get_rw(), to let it modify the request arguments while  
> letting the real function do the hard job.

Right, okay.

Matthew Backes
Symas Corporation