[Date Prev][Date Next] [Chronological] [Thread] [Top]

entryDN not allowed in compare

To: openldap-devel@OpenLDAP.org
Subject: entryDN not allowed in compare
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Fri, 21 Jan 2005 14:15:16 +0100 (CET)
Domainkey-signature: a=rsa-sha1; s=mail; d=sys-net.it; c=simple; q=dns; b=jxayyK26oXoj0W+Q9yi1GCYQZqkHBkmzS4LIvxWGSQ8U4biAgdSMb2SNJweL9vfBl 3GByYW4j1hjL4k4lTzvbQ==
Importance: Normal
User-agent: SquirrelMail/1.4.3a-1

[possibly related to ITS#3491]

I note that entryDN is not allowed in compare.  Of course that's trivial,
because the assertion is always true if the asserted value is equal to the
requested DN, but I wonder why not, say, just perform the check in the
frontend?  All in all what would be really missing is access control,
which could be performed by calling backend_attribute().  The whole
compare operation could be performed in the frontend by calling
backend_attribute().  In some sense, access to entryDN should be equal to
access to the pseudo-attribute "entry".

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: entryDN not allowed in compare
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: dropping back-ldbm
Next by Date: Re: back-ldap and StartTLS
Index(es):
- Chronological
- Thread