[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5601) set-acl failure under back-ldap+rwm

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#5601) set-acl failure under back-ldap+rwm
From: mbackes@symas.com
Date: Mon, 14 Jul 2008 07:03:41 GMT

> To further elaborate, even if the virtual DN is set instead of the  
> real one in c_ndn, the operation fails because ACL checking passes  
> through bi_entry_get_rw(), which is not provided by slapo-rwm, and  
> can't be provided according to the current design, since it does not  
> allow to massage the arguments.  As a quick'n'dirty fix, what you  
> can do is make the proxy database serve both naming contexts, namely
>
> database ldap
> suffix "dc=remote,dc=local"
> suffix "dc=remote"

This works for getting the query to the right place; thanks!  Remapped  
attributes in the acl obviously don't work, but working around that is  
straight-forward also.

> This is a hack; the real fix requires to redesign the API of  
> bi_entry_get_rw(), to let it modify the request arguments while  
> letting the real function do the hard job.

Right, okay.

Matthew Backes
Symas Corporation
mbackes@symas.com

Prev by Date: Re: (ITS#5609) slapo-constraint with typ 'uri' rejects valid attribute values
Next by Date: (ITS#5612) Contributing An Overlay which Submits Modification in LDAP to a Web-Page!
Index(es):
- Chronological
- Thread