[Date Prev][Date Next]
Re: fe_access_allowed() odds (Was: commit: ldap/servers/slapd acl.c frontend.c proto-slap.h)
Pierangelo Masarati wrote:
That sounds like an odd change in behavior. Aside from the special
entries (rootDSE, subschema) if select_backend() cannot find a match we
should be dropping the request (either with a referral or OBJECT_NOT_FOUND).
Add fe_access_allowed(), should allow global ACL overlays to workThis didn't handle the case of requests that are corretly honored by
the frontend itself. Please review my fix. Howard, what about having
select_backend() return the frontendDB for the appropriate entries?
Do you see any drawbacks? (all entries that don't match, or rootDSE
and cn=Subschema only?)
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/