[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5601) set-acl failure under back-ldap+rwm
> To further elaborate, even if the virtual DN is set instead of the
> real one in c_ndn, the operation fails because ACL checking passes
> through bi_entry_get_rw(), which is not provided by slapo-rwm, and
> can't be provided according to the current design, since it does not
> allow to massage the arguments. As a quick'n'dirty fix, what you
> can do is make the proxy database serve both naming contexts, namely
>
> database ldap
> suffix "dc=remote,dc=local"
> suffix "dc=remote"
This works for getting the query to the right place; thanks! Remapped
attributes in the acl obviously don't work, but working around that is
straight-forward also.
> This is a hack; the real fix requires to redesign the API of
> bi_entry_get_rw(), to let it modify the request arguments while
> letting the real function do the hard job.
Right, okay.
Matthew Backes
Symas Corporation
mbackes@symas.com