[Date Prev][Date Next]
Re: commit: ldap/servers/slapd aclparse.c
- Subject: Re: commit: ldap/servers/slapd aclparse.c
- From: Pierangelo Masarati <email@example.com>
- Date: Mon, 29 Oct 2001 08:37:41 +0100
- Cc: OpenLDAP Devel <openldap-devel@OpenLDAP.org>
- Organization: Dipartimento di Ingegneria Aerospaziale
- References: <200110290714.f9T7ECe05305@boole.openldap.org>
> Log Message:
> fixes assertion fault when the <to> clauses's argument does not have a = inside
Got this bug while playing with recursive group <who>
It works very fine, but it is somehow intrusive because
I had to add an argument to the backend_group call and to
each backend group function. The need for this sort of
access emerged from discussions on the list.
Recalling the access syntax:
access to <what> [ by <who> <access> [ <control> ] ]+
the group <who> clause
allows access if the requesting dn (op_ndn) is listed
in the members (<attrname>) of a group objectclass
(<objectclass>) whose dn matches the <pattern> (as defined
In case an appropriate flag is set, I made this check continue,
in case of failure, by recursively searching the requesting dn
(op_ndn) in the group objectclasses represented by the members
of the initial objectclass that matches <pattern>.
Although dangerous (no loop check) and heavy, it may be useful.
If there's no objections I'll commit the whole stuff.
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:firstname.lastname@example.org
via La Masa 34, 20156 Milano, Italy |