[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: checking for bound user

To: <openldap-devel@OpenLDAP.org>
Subject: RE: checking for bound user
From: "David Parker" <david.parker@rocketsoftware.com>
Date: Thu, 8 Apr 2004 21:14:37 -0400
Content-class: urn:content-classes:message
Thread-index: AcQdzyE67BJ2PAMjSzirAZYKUw233AAANlXw
Thread-topic: checking for bound user

That's a big help. Thanks for the code!

- DAP

> -----Original Message-----
> From: Howard Chu [mailto:hyc@highlandsun.com]
> Sent: Thursday, April 08, 2004 9:08 PM
> To: David Parker; openldap-devel@OpenLDAP.org
> Subject: RE: checking for bound user
> 
> 
> OK. You'll need to scan through with something like this:
> 
> 	slap_overinst *on, *o2;
> 	slap_overinfo *oi;
> 	int foundit = 0;
> 
> 	on = (slap_overinst *)op->o_bd->bd_info;
> 
> 	if (!op->o_conn->c_authz_backend ||
> 		strcmp(op->o_conn->c_authz_backend->be_type, "over")) {
> 		/* Not ours */
> 		return -1;
> 	}
> 
> 	oi = op->o_conn->c_authz_backend->bd_info;
> 	for (o2 = oi->oi_list; o2; o2=o2->on_next) {
> 		if (o2 == on) {
> 			foundit = 1;
> 			break;
> 		}
> 	}
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support 
> 
> > -----Original Message-----
> > From: owner-openldap-devel@OpenLDAP.org
> > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of David Parker
> > Sent: Thursday, April 08, 2004 1:07 PM
> > To: openldap-devel@OpenLDAP.org
> > Subject: RE: checking for bound user
> > 
> > 
> > I tried checking op->o_conn->c_authz_backend->be_type, but the value
> > is "over", the value of overtype[] in backover.c.
> > 
> > I know I should be able to figure this out by looking at the 
> > code, but trying to sort out between BackendInfo, BackendDB, 
> > the #define short-cuts in between them, and then the overlay 
> > structure makes me feel like I'm on drugs. Or, maybe, drugs 
> > are the answer....
> > 
> > Where can I get to the value that was specified on 
> > slap_overinst.on_bi.bi_type for the slap_overinst originally 
> > passed to overlay_register?
> > 
> > I'm using 2.2.6 currently, with a patched backover.c (for the 
> > multiple overlay fix).
> > 
> > Thanks!
> > 
> > - DAP
> > 
> > > -----Original Message-----
> > > From: Howard Chu [mailto:hyc@highlandsun.com]
> > > Sent: Monday, April 05, 2004 4:27 PM
> > > To: David Parker; openldap-devel@OpenLDAP.org
> > > Subject: RE: checking for bound user
> > > 
> > > 
> > > > -----Original Message-----
> > > > From: owner-openldap-devel@OpenLDAP.org
> > > > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of 
> > David Parker
> > > 
> > > > A follow-up question on the bound user:
> > > > 
> > > > Once my overlay has bound a user, I want subsequent 
> > > > operations (add,modify,etc) to be verify that the op->o_ndn 
> > > > was bound with my overlay's method, i.e., I don't want a user 
> > > > bound by another backend to be able to perform operations in 
> > > > my overlay. I might be able to achieve the functionality I 
> > > > want with ACLs, as well, but I wanted to check the 
> > > > feasibility of this other approach.
> > > 
> > > The backend that performed the authentication for the current 
> > > session is recorded in conn->c_authz_backend. All you have to 
> > > do is compare that against your backend.
> > > 
> > >   -- Howard Chu
> > >   Chief Architect, Symas Corp.       Director, Highland Sun
> > >   http://www.symas.com               http://highlandsun.com/hyc
> > >   Symas: Premier OpenSource Development and Support 
> > > 
> > 
> > 
> > 
>

Follow-Ups:
- RE: checking for bound user
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: checking for bound user
Next by Date: RE: checking for bound user
Index(es):
- Chronological
- Thread