[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: checking for bound user
- To: <openldap-devel@OpenLDAP.org>
- Subject: RE: checking for bound user
- From: "David Parker" <david.parker@rocketsoftware.com>
- Date: Thu, 8 Apr 2004 21:14:37 -0400
- Content-class: urn:content-classes:message
- Thread-index: AcQdzyE67BJ2PAMjSzirAZYKUw233AAANlXw
- Thread-topic: checking for bound user
That's a big help. Thanks for the code!
- DAP
> -----Original Message-----
> From: Howard Chu [mailto:hyc@highlandsun.com]
> Sent: Thursday, April 08, 2004 9:08 PM
> To: David Parker; openldap-devel@OpenLDAP.org
> Subject: RE: checking for bound user
>
>
> OK. You'll need to scan through with something like this:
>
> slap_overinst *on, *o2;
> slap_overinfo *oi;
> int foundit = 0;
>
> on = (slap_overinst *)op->o_bd->bd_info;
>
> if (!op->o_conn->c_authz_backend ||
> strcmp(op->o_conn->c_authz_backend->be_type, "over")) {
> /* Not ours */
> return -1;
> }
>
> oi = op->o_conn->c_authz_backend->bd_info;
> for (o2 = oi->oi_list; o2; o2=o2->on_next) {
> if (o2 == on) {
> foundit = 1;
> break;
> }
> }
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
>
> > -----Original Message-----
> > From: owner-openldap-devel@OpenLDAP.org
> > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of David Parker
> > Sent: Thursday, April 08, 2004 1:07 PM
> > To: openldap-devel@OpenLDAP.org
> > Subject: RE: checking for bound user
> >
> >
> > I tried checking op->o_conn->c_authz_backend->be_type, but the value
> > is "over", the value of overtype[] in backover.c.
> >
> > I know I should be able to figure this out by looking at the
> > code, but trying to sort out between BackendInfo, BackendDB,
> > the #define short-cuts in between them, and then the overlay
> > structure makes me feel like I'm on drugs. Or, maybe, drugs
> > are the answer....
> >
> > Where can I get to the value that was specified on
> > slap_overinst.on_bi.bi_type for the slap_overinst originally
> > passed to overlay_register?
> >
> > I'm using 2.2.6 currently, with a patched backover.c (for the
> > multiple overlay fix).
> >
> > Thanks!
> >
> > - DAP
> >
> > > -----Original Message-----
> > > From: Howard Chu [mailto:hyc@highlandsun.com]
> > > Sent: Monday, April 05, 2004 4:27 PM
> > > To: David Parker; openldap-devel@OpenLDAP.org
> > > Subject: RE: checking for bound user
> > >
> > >
> > > > -----Original Message-----
> > > > From: owner-openldap-devel@OpenLDAP.org
> > > > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of
> > David Parker
> > >
> > > > A follow-up question on the bound user:
> > > >
> > > > Once my overlay has bound a user, I want subsequent
> > > > operations (add,modify,etc) to be verify that the op->o_ndn
> > > > was bound with my overlay's method, i.e., I don't want a user
> > > > bound by another backend to be able to perform operations in
> > > > my overlay. I might be able to achieve the functionality I
> > > > want with ACLs, as well, but I wanted to check the
> > > > feasibility of this other approach.
> > >
> > > The backend that performed the authentication for the current
> > > session is recorded in conn->c_authz_backend. All you have to
> > > do is compare that against your backend.
> > >
> > > -- Howard Chu
> > > Chief Architect, Symas Corp. Director, Highland Sun
> > > http://www.symas.com http://highlandsun.com/hyc
> > > Symas: Premier OpenSource Development and Support
> > >
> >
> >
> >
>