o_dn is only used for logging purposes, as far as I recall. But there are other fields in o_authz (e.g. ssf related) that may be relevant for ACL evaluation. However, if you're just using the rootdn anyway, those issues are moot.hyc@OpenLDAP.org wrote:
I guess a similar fix is required elsewhere, whenever the identity of an operation is changed. For instance, in ACIs, I need to set the identity that climbs the tree to the rootdn to avoid chicken and egg issues during access checking, and I only set op->o_ndn; something similar occurs in other pieces of code where internal operations must be performed wth a different identity. Does o_dn and o_authz need to be consistently set in all these cases?Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays
Modified Files: syncprov.c 1.102 -> 1.103
Log Message:
ITS#3989 fix ID used for syncprov_findbase
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/