[Date Prev][Date Next]
anonymous and aci in attribute
I write to this list because I could not get help on general list for
I know that this list is for developers so I just would like to point
something and maybe report a bug.
I tried to use aci in attributes feature (--aci-enabled), it worked
for users but I could not make it work for anonymous.
Than I started to read carefully acl.c file in servers/slapd directory
found that in function acl_mask in block when aci is enabled
there is an IF clause
if ( b->a_aci_at != NULL )
and next after a comment there is another IF
if( op->o_ndn == NULL || op->o_ndn == '\0' )
which actually stops aci processing for anonymous bind.
When I put additional IF before that saying
IF current bind it is anonymous or it is auth operation skip this step
else go through it.
if (strcmp(op->o_ndn, "") || !strcmp(access2str(access), "auth"))
After that it seemed that everything works fine and aci for for
user are processed as supposed!
I know that modification is just an ugly hack :) not a solution,
but I would be grateful if somebody explained if it is a bug or a