[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slapi extended op plugin

To: ajb@sphere-systems.demon.co.uk
Subject: Re: Slapi extended op plugin
From: Luke Howard <lukeh@PADL.COM>
Date: Sat, 14 Aug 2004 14:40:56 +1000
Cc: openldap-devel@OpenLDAP.org
Organization: PADL Software Pty Ltd
Versions: dmail (bsd44) 2.6d/makemail 2.10

>	1/ How can I find out who is the bound user, i.e. who's running the op?

Retrieve SLAPI_CONN_DN from the pblock, eg:

int foo_extop(Slapi_PBlock *pb)
{
	char *dn;
	int rc;

	rc = slapi_pblock_get(pb, SLAPI_CONN_DN, &dn);
	if (rc != 0 || dn == NULL)
		// handle error

	...
}


>	2/ Can I assume that all data accesses will be done with respect to the acls 
>in force in the directory, or do plugins circumvent those controls?

You need to do your own access control checking with slapi_access_allowed().

When calling an internal plugin function it runs as the rootdn.

-- Luke

Prev by Date: Slapi extended op plugin
Next by Date: Re: Slapi extended op plugin
Index(es):
- Chronological
- Thread