[Date Prev][Date Next] [Chronological] [Thread] [Top]

anonymous and aci in attribute

To: openldap-devel@OpenLDAP.org
Subject: anonymous and aci in attribute
From: Norbert Pabiś <npabis@e-point.pl>
Date: Thu, 20 Dec 2001 10:02:28 +0100
Organization: e-point S.A.

Hi,

I write to this list because I could not get help on general list for
users.
I know that this list is for developers so I just would like to point
something and maybe report a bug.

I tried to use aci in attributes feature (--aci-enabled), it worked
great
for users but I could not make it work for anonymous.
Than I started to read carefully acl.c file in servers/slapd directory
and
found that in function acl_mask in block when aci is enabled
#ifdef SLAPD_ACI_ENABLED
there is an IF clause 
if ( b->a_aci_at != NULL )
and next after a comment there is another IF 
if( op->o_ndn == NULL || op->o_ndn[0] == '\0' )
which actually stops aci processing for anonymous bind.

When I put additional IF before that saying

IF current bind it is anonymous or it is auth operation skip this step
else go through it.
if (strcmp(op->o_ndn, "") || !strcmp(access2str(access), "auth"))

After that it seemed that everything works fine and aci for for
anonymous
user are processed as supposed!

I know that modification is just an ugly hack :) not a solution,
but I would be grateful if somebody explained if it is a bug or a
feature?

-- 
Norbert Pabiś

Follow-Ups:
- Re: anonymous and aci in attribute
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: which attribute can be used as profile-entity
Next by Date: HEADS UP: LDAPv2
Index(es):
- Chronological
- Thread