
Re: ACI's and 'by users read'



> OpenLDAP v2.2.23 (servers/slapd/acl.c):
> ----- s n i p -----
> static struct berval
>         [...]
>         aci_bv_users            = BER_BVC("users"),
> [...]
> static slap_control_t
> acl_mask(

^^^ I said aci_mask(); that's the "by users" in regular ACLs, not ACI. 
Despite the name of the variable that's holding the string "users", as of
2.2 it's not being used in ACIs.  Don't ask why, I made HEAD honor it as
soon as I re-engineered ACI code, but it never happened to be backported
because re-engineering was quite heavy.  The relevant portion of its
implementation in 2.3 is at line 2498 of slapd/acl.c; its import in 2.2
code should be quite trivial (copy a few lines of code):

<2.3 servers/slapd/acl.c:2498>
        /* see if we have a users access */
        if ( ber_bvstrcasecmp( &aci_bv_users, &type ) == 0 ) {
                return 1;
        }
</2.3 servers/slapd/acl.c>


> [...]
>                         } else if ( bvmatch( &b->a_dn_pat, &aci_bv_users ) ) {
>                                 if ( op->o_ndn.bv_len == 0 ) {
>                                         continue;

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497