Re: commit: ldap/servers/slapd aclparse.c
- Subject: Re: commit: ldap/servers/slapd aclparse.c
- From: Pierangelo Masarati <masarati@aero.polimi.it>
- Date: Mon, 29 Oct 2001 08:37:41 +0100
- Cc: OpenLDAP Devel <openldap-devel@OpenLDAP.org>
- Organization: Dipartimento di Ingegneria Aerospaziale
- References: <200110290714.f9T7ECe05305@boole.openldap.org>
ando@OpenLDAP.org wrote:
>
> Log Message:
> fixes assertion fault when the <to> clause's argument does not have a = inside

Got this bug while playing with recursive group <who>
clause.

It works very well, but it is somehow intrusive because
I had to add an argument to the backend_group call and to
each backend group function. The need for this sort of
access emerged from discussions on the list.

Recalling the access syntax:

    access to <what> [ by <who> <access> [ <control> ] ]+

the group <who> clause

    group[/<objectclass>[/<attrname>]][.<style>]=<pattern>

allows access if the requesting dn (op_ndn) is listed
in the members (<attrname>) of a group objectclass
(<objectclass>) whose dn matches the <pattern> (as defined
by <style>).

In case an appropriate flag is set, I made this check continue,
in case of failure, by recursively searching the requesting dn
(op_ndn) in the group objectclasses represented by the members
of the initial objectclass that matches <pattern>.

Although dangerous (no loop check) and heavy, it may be useful.
If there are no objections I'll commit the whole stuff.

Pierangelo.
--
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy |
http://www.aero.polimi.it/~masarati
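
The recursive group check described in the message above, together with the loop check it says is missing, as an added example that is not part of the original post or of OpenLDAP's code. The in-memory table, `group_allows`, `member_walk` and `MAX_DEPTH` are hypothetical, and group DNs are matched exactly rather than by `<style>`.

```c
#include <string.h>

/* Constructed sample data: each group lists member DNs; a member may itself be a group. */
struct group { const char *dn; const char *members[4]; };

static const struct group group_tbl[] = {
    { "cn=admins,dc=example,dc=com", { "cn=ops,dc=example,dc=com", "uid=alice,dc=example,dc=com", NULL } },
    { "cn=ops,dc=example,dc=com",    { "cn=oncall,dc=example,dc=com", "uid=bob,dc=example,dc=com", NULL } },
    /* oncall lists admins as a member: a membership loop */
    { "cn=oncall,dc=example,dc=com", { "cn=admins,dc=example,dc=com", "uid=carol,dc=example,dc=com", NULL } },
};
#define NGROUPS (sizeof group_tbl / sizeof group_tbl[0])
#define MAX_DEPTH 8  /* hypothetical cap on nesting, bounds the cost of one ACL check */

static int find_group(const char *dn) {
    for (size_t i = 0; i < NGROUPS; i++)
        if (strcmp(group_tbl[i].dn, dn) == 0) return (int)i;
    return -1;
}

/* visited[] marks groups already expanded, so a membership loop terminates. */
static int member_walk(int g, const char *op_ndn, int recurse, int depth,
                       unsigned char *visited) {
    if (visited[g] || depth > MAX_DEPTH) return 0;
    visited[g] = 1;
    /* Direct membership first, as in the non-recursive check. */
    for (int i = 0; group_tbl[g].members[i]; i++)
        if (strcmp(group_tbl[g].members[i], op_ndn) == 0) return 1;
    if (!recurse) return 0;
    /* On failure, continue into members that are themselves groups. */
    for (int i = 0; group_tbl[g].members[i]; i++) {
        int sub = find_group(group_tbl[g].members[i]);
        if (sub >= 0 && member_walk(sub, op_ndn, recurse, depth + 1, visited))
            return 1;
    }
    return 0;
}

/* Hypothetical entry point: 1 if op_ndn gets access through group_dn, else 0. */
int group_allows(const char *group_dn, const char *op_ndn, int recurse) {
    unsigned char visited[NGROUPS] = {0};
    int g = find_group(group_dn);
    return g >= 0 && member_walk(g, op_ndn, recurse, 0, visited);
}
```

Without the `visited` array, the lookup for a DN that is in none of the three groups would recurse through admins, ops and oncall indefinitely.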