[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
SSF not propagated to syncrepl operation (ITS#3131)
Full_Name: Luke Howard
Version: 2.2.10
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (165.228.130.11)
The application of consumer-side ACLs that contain minimum SSFs does not work
with syncrepl, because the SSF is not propagated from the LDAP session to the
fake operation.
For example:
access to *
by dn.subtree="OU=Domain Controllers,DC=dsg,DC=padl,DC=com" ssf=56
write
The following difference against OPENLDAP_REL_ENG_2_2_10 fixes this.
Index: syncrepl.c
===================================================================
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/syncrepl.c,v
retrieving revision 1.24.2.20
diff -u -r1.24.2.20 syncrepl.c
--- syncrepl.c 13 Apr 2004 15:49:08 -0000 1.24.2.20
+++ syncrepl.c 5 May 2004 03:36:52 -0000
@@ -302,6 +302,9 @@
}
}
+ /* set SSF for local authorization */
+ ldap_get_option( si->si_ld, LDAP_OPT_X_SASL_SSF, &op->o_ssf );
+
/* get syncrepl cookie of shadow replica from subentry */
assert( si->si_rid < 1000 );
lukeh@corp/tankstream[190]%