[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4730) Overlay that generates operational attributes to support GUI interaction

This is a multi-part message in MIME format.
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

masarati@aero.polimi.it wrote:
>>> HI!
>>> I've added support for 'allowedAttributesEffective' in web2ldap recently
>>> which
>>> works with AD. I tried this overlay but it seg faults with recent
>>> OpenLDAP
>>> version. Any chance to get this back on the radar?
>> I've built and tested my copy of allowed.c with HEAD and re24 and it works
>> as expected.  However, I might have modified it to keep pace with baseline
>> code evolution without resubmitting modifications.
> My version was indeed rather modified, that's why it worked.  It's now in
> HEAD's contrib/slapd-modules/allowed/.  It builds fine with HEAD and re24;
> it should also build with OL 2.3, although I haven't checked in a while. 
> Please test and report.

I've created a simple Makefile derived from the one for slapo-smbk5pwd for
this I'd like to contribute if appropriate. Please review. I grant *all*
rights to the OpenLDAP project.

Now for the concrete testing:

In principle it works. That's great!

There's a special corner-case:
If the user bound (e.g. anonymous in my test configuration) has no write
access to any attribute an empty attribute value list is returned for
'allowedAttributesEffective'. Indeed this is helpful since my web2ldap can
then distinguish between this attribute being not available at all or no
attributes are allowed to be written. But I'm not sure whether that complies
to the LDAP data model. What do you think?

Ciao, Michael.

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;

# $OpenLDAP: pkg/ldap/contrib/slapd-modules/allowed/Makefile,v 1.3 2009/08/16 20:55:27 kurt Exp $
# This work is part of OpenLDAP Software <http://www.openldap.org/>.
# Copyright 1998-2009 The OpenLDAP Foundation.
# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
# Redistribution and use in source and binary forms, with or without
# modification, are permitted only as authorized by the OpenLDAP
# Public License.
# A copy of this license is available in the file LICENSE in the
# top-level directory of the distribution or, alternatively, at
# <http://www.OpenLDAP.org/license.html>.


OPT=-g -O2


LDAP_INC=-I../../../include -I../../../servers/slapd

LDAP_LIB=-lldap_r -llber -L../../../lib

all:	allowed.la

allowed.lo:	allowed.c
	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?

allowed.la:	allowed.lo
	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
	-rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)

	rm -f allowed.o allowed.lo allowed.la

install: allowed.la
	mkdir -p $(PREFIX)/libexec/openldap
	$(LIBTOOL) --mode=install cp allowed.la $(PREFIX)/libexec/openldap
	$(LIBTOOL) --finish $(PREFIX)/libexec/openldap