[Date Prev][Date Next] [Chronological] [Thread] [Top]

Shell backend, modify method, ACL


  I'm coding a custom shell backend for slapd.
  This backend is used to give a LDAP interface to our network registry
(in fact just a hierarchy of directories and files).

  All went well for the the search and bind methods but I have a problem
with the modify method. The slapd server let the user requests to hit
the modify method without verifying ACL, it seems that the user (the
one that write the modify backend) has to check access list by hand.

  Since the ACL stuff is a complex one, it seems easier to modify the
file servers/slapd/back-shell/modify.c. I just added a few lines :

        { char *text;
          Modifications *p;
          text=stringCatenate("dn: ",dn,"");
          if (!acl_check_modlist(be,conn,op,e,ml))

The method consists in building an (Entry *) from the parameter dn
and in calling acl_check_modlist.

  That do the work I think ...
  Is it possible to have this modification (or the equivalent better
coded) incorporated in the official code ? I may have missed an important
issue ?

  Thanks in advance for any information on this subject.