[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: dnattr in access clause doesn't work (ITS#2572)
I think I have mistake the place where the bug is. the right place is in
acl_mask() function, in bracket "if ( b->a_dn_at != NULL ) { }" , where
these directives
"
/* see if asker is listed in dnattr */
for( at = attrs_find( e->e_attrs, b->a_dn_at );
at != NULL;
at = attrs_find( at->a_next, b->a_dn_at ) )
"
try to find e->e_attrs in b->a_dn_at. the "e" is the target(indicated by
"access to") we wish to access. in fact , this should be the entry indicated
by "b->a_dn_pat" ("by dn.base=" clause), if this entry contains an
attribute b->a_dn_at, then check the list.
and following directives should also be midified
"
/* AND <who> clauses */
if ( b->a_dn_pat.bv_len != 0) {
"
to
"
/* AND <who> clauses */
if ( b->a_dn_pat.bv_len != 0 && b->a_dn_at == NULL) {
"
because this bracket will compare "b->a_dn_pat" and "op->o_ndn"(the user's
dn), in fact , this is not neccessary when a dnattr is given. if dnattr is
presented, then "op->o_ndn" should be compared with the entry which
b->a_dn_pat's attribute indicate. if do not modify here, then "b->a_dn_pat"
will never match "op->o_ndn" in case of presenting dnattr.
I've done a modification, then my example runs as well. I don't know if it's
clear to describe the bug. if you still cann't not found the problem, then
please don't pay attention to my message.
thank you :)
----- Original Message -----
From: "Kurt Zeilenga" <openldap-its@OpenLDAP.org>
To: <alexela_1999@sina.com>
Sent: Friday, June 06, 2003 12:32 AM
Subject: Re: dnattr in access clause doesn't work (ITS#2572)
> Your report is not believed as indicative of a software bug and
> hence the issue will be closed.
>
>