[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapo-dynlist desgin question(s)

Howard Chu wrote:
Pierangelo Masarati wrote:
Quanah Gibson-Mount wrote:
My intention is to be able to do something like:

access to dn.exact="cn=groupa,cn=groups,dc=stanford,dc=edu"

This should read:

access to dn.exact="cn=groupa,cn=groups,dc=stanford,dc=edu" attrs=member
Try this patch (to HEAD as of now).

We already use is_auth_check in ACL checking, what is this is_acl_check flag for?
auth_check means that's an authorization check, which causes ACL_READ to be turned into ACL_AUTH; acl_check means that the acl checking is part of a search that's internal to ACL checking itself, not only for auth purposes, and thus deserves to be performed with rootdn identity. It's different.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it