Re: commit: ldap/servers/slapd proto-slap.h controls.c operation.c

[Pierangelo Masarati <ando@sys-net.it>]

Pierangelo Masarati wrote:
> Howard Chu wrote:
> > I think the groups should not even have been cached in the first 
> > place; lookups for auth purposes usually set op->o_nocaching.
> You're right; but the point doesn't seem to be about caching during 
> the authorization-related internal lookup; caching seems to occur 
> earlier, while checking access to the authzTo/authzFrom attrs.  There 
> might be some issue in the authz resolution.
The issue seems to occur in slap_sasl_check_authz(), which calls 
backend_attribute() to gather authzTo/authzFrom complying with access 
control.  The point is: should "no caching" be set here or directly in 
backend_attribute()?  It seems to me that few cases of using 
backend_attribute() would require caching of access control...

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------