[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: rs_modlist for modRDN
On Mon, 2006-01-02 at 16:35 +0100, Pierangelo Masarati wrote:
> On Mon, 2006-01-02 at 16:33 +0100, Pierangelo Masarati wrote:
>
> > In fact, the problem was there, but it only appeared in test006 when you
> > added the SLAP_MOD_INTERNAL to the naming attribute modifications; this
> > flags essentially causes ACLs to be skipped for those modifications.
>
> Apologies: it wasn't you that added that flag. The problem is a bit
> elsewhere, still trying to address it.
No, it was there; in the original implementation, access control was
performed in slapd_modrdn2mods() and then SLAP_MOD_INTERNAL was added to
avoid repeating access control; when you reworked it, you eliminated
access control, but you left the SLAP_MOD_INTERNAL in place. The fix is
trivial: remove that flag, so that access control is delegated to the
backend.
p.
Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------