[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rs_modlist for modRDN



On Mon, 2006-01-02 at 16:35 +0100, Pierangelo Masarati wrote:
> On Mon, 2006-01-02 at 16:33 +0100, Pierangelo Masarati wrote:
> 
> > In fact, the problem was there, but it only appeared in test006 when you
> > added the SLAP_MOD_INTERNAL to the naming attribute modifications; this
> > flags essentially causes ACLs to be skipped for those modifications.
> 
> Apologies: it wasn't you that added that flag.  The problem is a bit
> elsewhere, still trying to address it.

No, it was there; in the original implementation, access control was
performed in slapd_modrdn2mods() and then SLAP_MOD_INTERNAL was added to
avoid repeating access control; when you reworked it, you eliminated
access control, but you left the SLAP_MOD_INTERNAL in place.  The fix is
trivial: remove that flag, so that access control is delegated to the
backend.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------