[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5628) dereferencing user with translucent overlay

hyc@symas.com wrote:

> Seems that we should add a backend_attribute handler to the translucent overlay.

That's not going to work anyway, since the overlay's bi_acl_attribute 
method is not going to be called anyway.  In fact, any call to 
backend_attribute will be cast into a call to bi_entry_get_rw, so only 
by implementing translucent_entry_get_rw we could have a chance to look 
the remote entry up.  But then we'd probably have issues in the 
subsequent call to translucent_entry_release, to distinguish whether the 
looked-up entry was from the local or the remote database...  And see 
ITS#5650: right now, even if the attribute is not local, the local entry 
will always be returned.

>>> I've also tried to hack the translucent overlay so that it would support the
>>> bi_entry_get_rw callback but I haven't been able to provide something that would
>>> even satisfy me. I suppose I would have to use some sort of callback mechanism
>>> like translucent_search_cb but I haven't figured it out yet.
>> That's another problem I ran through when trying to add rewrite
>> capabilities to the slapo-rwm(5) overlay, so that authorization could be
>> rewrapped when performed through virtual data views.  However, I believe
>> the API of bi_entry_get_rw be modified for overlays, since the current
>> API does not allow calls to modify their arguments.  I'd leave that
>> alone by now.
> Haven't looked closely at this yet...


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it