[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control 'set=' problem (ITS#3140)

To: openldap-its@OpenLDAP.org
Subject: Re: access control 'set=' problem (ITS#3140)
From: ando@sys-net.it
Date: Wed, 12 May 2004 21:32:23 GMT

> I think I got it: the function that evaluates if a set matches
> calls aci_match_set(), which on turn calls backend_attribute()
> to access the specific attribute that's used by the set in a
> backend-independent manner.  This function has been recently
> reworked to only access those attributes that can be actually
> accessed by the requester, i.e. it assesses access permission
> as well, causing the andless recursion I mentioned earlier.
>
> I think a solution would be to specialize backend_attribute to
> skip ACL check on certain calls.  I'll have a look at it.

It should now be fixed in HEAD; please test.  Thanks for reporting
the problem.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it




    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: Re: access control 'set=' problem (ITS#3140)
Next by Date: Re: access control 'set=', no problem any more (ITS#3140)
Index(es):
- Chronological
- Thread