[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: fe_access_allowed() odds (Was: commit: ldap/servers/slapd acl.c frontend.c proto-slap.h)

Pierangelo Masarati wrote:
lukeh@OpenLDAP.org wrote:

Add fe_access_allowed(), should allow global ACL overlays to work

This didn't handle the case of requests that are corretly honored by the frontend itself. Please review my fix. Howard, what about having select_backend() return the frontendDB for the appropriate entries? Do you see any drawbacks? (all entries that don't match, or rootDSE and cn=Subschema only?)
That sounds like an odd change in behavior. Aside from the special entries (rootDSE, subschema) if select_backend() cannot find a match we should be dropping the request (either with a referral or OBJECT_NOT_FOUND).

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/