[Date Prev][Date Next] [Chronological] [Thread] [Top]

anonymous and aci in attribute



Hi,

I write to this list because I could not get help on general list for
users.
I know that this list is for developers so I just would like to point
something and maybe report a bug.

I tried to use aci in attributes feature (--aci-enabled), it worked
great
for users but I could not make it work for anonymous.
Than I started to read carefully acl.c file in servers/slapd directory
and
found that in function acl_mask in block when aci is enabled
#ifdef SLAPD_ACI_ENABLED
there is an IF clause 
if ( b->a_aci_at != NULL )
and next after a comment there is another IF 
if( op->o_ndn == NULL || op->o_ndn[0] == '\0' )
which actually stops aci processing for anonymous bind.

When I put additional IF before that saying

IF current bind it is anonymous or it is auth operation skip this step
else go through it.
if (strcmp(op->o_ndn, "") || !strcmp(access2str(access), "auth"))

After that it seemed that everything works fine and aci for for
anonymous
user are processed as supposed!

I know that modification is just an ugly hack :) not a solution,
but I would be grateful if somebody explained if it is a bug or a
feature?

-- 
Norbert Pabiś