Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database

Hi all,

An update on this bug report: with a modified slapd.conf and a small 
patch to the back-perl module, I can use the ACL mask to ensure that the 
perl search function doesn't get invoked if disallowed by the ACLs.

The patch works by creating a "fake" empty entry whose DN is the base of 
the search, and then passing this entry into access_allowed() using code 
borrowed from one of the other backends to either deny or allow access.


Is this something that could be considered for inclusion upstream or 
does it require more work?



Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
t: +44 870 608 0063

Sirius Labs: http://www.siriusit.co.uk/labs
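
The gate described in the message above, as an added example that is not part of the original post or the patch: a self-contained C model in which a search is checked against an empty entry named after the search base before the backend search function runs. The types, rule table, DNs and function names are hypothetical stand-ins, not slapd's API or the back-perl code.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define LDAP_SUCCESS 0
#define LDAP_INSUFFICIENT_ACCESS 50   /* 0x32 in the LDAP result codes */

enum { ACL_NONE = 0, ACL_SEARCH = 1, ACL_READ = 2 };   /* toy levels, ordered */

typedef struct { const char *dn; int nattrs; } Entry;  /* toy entry */
typedef struct { const char *suffix, *who; int level; } AclRule;

/* Constructed sample policy: only the admin may search the perl subtree. */
static const AclRule rules[] = {
    { "ou=perl,dc=example,dc=com", "cn=admin,dc=example,dc=com", ACL_READ },
    { "ou=perl,dc=example,dc=com", "*", ACL_NONE },
    { "dc=example,dc=com", "*", ACL_READ },
};

static int backend_calls;   /* counts invocations of the backend search */

static int dn_under(const char *dn, const char *suffix) {
    size_t d = strlen(dn), s = strlen(suffix);
    if (d < s || strcasecmp(dn + d - s, suffix) != 0) return 0;
    return d == s || dn[d - s - 1] == ',';   /* match only on an RDN boundary */
}

/* Toy access check: the first rule matching both target and requester decides. */
static int access_allowed_model(const char *who, const Entry *e, int want) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (dn_under(e->dn, rules[i].suffix) &&
            (strcmp(rules[i].who, "*") == 0 || strcasecmp(rules[i].who, who) == 0))
            return rules[i].level >= want;
    return 0;   /* no rule matched: deny */
}

/* Stand-in for the backend's search function (the perl callback in the post). */
static int backend_search(const char *base) { (void)base; backend_calls++; return LDAP_SUCCESS; }

/* The gate: build an empty entry named after the search base, check it, and
 * only then hand the request to the backend's search function. */
int gated_search(const char *who, const char *base) {
    Entry fake = { base, 0 };
    if (!access_allowed_model(who, &fake, ACL_SEARCH))
        return LDAP_INSUFFICIENT_ACCESS;
    return backend_search(base);
}

int main(void) {
    printf("%d\n", gated_search("cn=bob,dc=example,dc=com", "ou=perl,dc=example,dc=com"));
    printf("%d\n", gated_search("cn=admin,dc=example,dc=com", "ou=perl,dc=example,dc=com"));
    printf("backend calls: %d\n", backend_calls);
    return 0;
}
```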