[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
slapd/acl.c: using "filter=()" in an acl does not trigger an overlay's search callback
- To: openldap-devel@openldap.org
- Subject: slapd/acl.c: using "filter=()" in an acl does not trigger an overlay's search callback
- From: Daniel <deepee@gmx.net>
- Date: Wed, 05 Aug 2009 10:54:31 +0200
- User-agent: Thunderbird 2.0.0.22 (X11/20090608)
Hi,
my experimental overlay intercepts search requests and modifies the
filter-expressions (e.g. removes/expand AND|OR). Therefore the overlay
modifies "struct Filter op->ors_filter" on the fly, handles memory
(op->o_tmpmemctx/filter_free) and so on. It works fine, currently no
memleaks (valgrind) etc and I would like contribute it (once it's
finished... ;-) )
To get the maximum flexibility out of the current prototyp I'm looking
after a solution to have my overlay intercept the following "search", too:
access to filter=(description=editMe)
by self write
by * none
The ACL's filter seems not to "fire" a search request because in acl.c
lines 704 to 709 "test_filter(NULL, e, a->acl_filter)" get's called
directly. This results in bypassing the overlay's search callback. Was
this for performance reasons?
Are there any chances to replace "test_filter()" by some kind of
slapd_internal_search() in a way to enable overlay stack processing, for
this internal search? Any sort of advice is very welcome - I just want
to experiment with this, but currently I'm lost, regarding the right
approach.
I think I've seen some kind of internal search regarding sasl-regexp
expansion. When using a filter-expressions in a sasl-regexp some sort of
internal search gets triggered, because my overlay reacts correctly on
it: slapd/saslauthz.c lines 1805 - 1835. Possibly something similar
could be done in acl.c, too? What's your opinion?
Thanks a lot!
Daniel
P.S.: slapd version: OpenLDAP-CVS