[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/servers/slapd/overlays syncprov.c

Pierangelo Masarati wrote:
hyc@OpenLDAP.org wrote:

Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays

Modified Files:
    syncprov.c  1.102 -> 1.103

Log Message:
ITS#3989 fix ID used for syncprov_findbase

I guess a similar fix is required elsewhere, whenever the identity of an operation is changed. For instance, in ACIs, I need to set the identity that climbs the tree to the rootdn to avoid chicken and egg issues during access checking, and I only set op->o_ndn; something similar occurs in other pieces of code where internal operations must be performed wth a different identity. Does o_dn and o_authz need to be consistently set in all these cases?

o_dn is only used for logging purposes, as far as I recall. But there are other fields in o_authz (e.g. ssf related) that may be relevant for ACL evaluation. However, if you're just using the rootdn anyway, those issues are moot.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/