[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issue with default ACL selection and back-config (revitalizing ITS#3100?...)

Pierangelo Masarati wrote:

In access_allowed(), when called with null o_bd field, the first database is selected, where the first real database is traditionally intended. The current code has been modified to pick the first database by calling

       op->o_bd = LDAP_STAILQ_FIRST( &backendDB );

However, if back-config is enabled, it is forced to be the first database in the list. I can't figure out, right now, how this can be solved in a clean manner.

Hmmm... As per ITS#3100, the behavior to use the first backend has been in place for a long time, but it doesn't make a lot of sense in itself, it seems it was just a hack (acl.c rev 1.93) to allow ACL checks to be performed on the rootDSE and other objects that live outside of a regular backend. Since we now have a frontendDB where the global ACLs live, I think we should just use the frontendDB here.

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support