Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database

An update on this bug report: with a modified slapd.conf and a small
patch to the back-perl module, I can use the ACL mask to ensure that the
perl search function doesn't get invoked if disallowed by the ACLs.

The patch works by creating a "fake" empty entry whose DN is the base of
the search, and then passing this entry into access_allowed() using code
borrowed from one of the other backends to either deny or allow access.

Is this something that could be considered for inclusion upstream or
does it require more work?

Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
t: +44 870 608 0063
Sirius Labs: http://www.siriusit.co.uk/labs