[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database
From: hyc@symas.com
Date: Thu, 9 Jun 2011 22:16:57 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

mark.cave-ayland@siriusit.co.uk wrote:
> On 09/06/11 00:21, Quanah Gibson-Mount wrote:
>
>>> An update on this bug report: with a modified slapd.conf and a small
>>> patch to the back-perl module, I can use the ACL mask to ensure that the
>>> perl search function doesn't get invoked if disallowed by the ACLs.
>>>
>>> The patch works by creating a "fake" empty entry whose DN is the base of
>>> the search, and then passing this entry into access_allowed() using code
>>> borrowed from one of the other backends to either deny or allow access.
>>>
>>> http://pastebin.siriusit.co.uk/perlacl/slapd2.conf
>>> http://pastebin.siriusit.co.uk/perlacl/openldap-backperl-acls.patch
>>
>> These are not accessible.
>
> Hi Quanah,
>
> Ah yes indeed - that server was decommissioned last month. I've since
> reinstated the files from a backup onto a new server and updated DNS to
> point to it. Can you verify that you can now download them?

Thanks, got it now. The patch leaks memory. I'll commit a fixed version of it 
shortly.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6688) OpenLDAP 2.4.23 doesn't enforce ACLs on back-perl subordinate database
Next by Date: (ITS#6966) admin guide references "Start TLS" instead of StartTLS
Index(es):
- Chronological
- Thread