[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: does back-sql bypass ACL ?

To: Thomas Cramer <cramert@musc.edu>
Subject: Re: does back-sql bypass ACL ?
From: Frederic Saincy <freddy@lovelinux.org>
Date: 31 May 2002 08:27:20 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <4704584.1022800058@[192.168.1.104]>
References: <87vg9vtnsn.fsf@panda.baobab.home> <4704584.1022800058@[192.168.1.104]>
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Hi!

Thomas Cramer <cramert@musc.edu> writes:
> I can't totally recall without looking at the code (maybe Kurt knows
> better), but the access atributes are controlled by the "core" part of
> openldap.  

It seems to be true for reading operation only no for others for example:

servers/slapd/back-sql/modify.c

in function backsql_add:

it verifies if:

- dn is valid
- objectclass exists.
- "create procedure" exists for the sgbd.

After, this function get a connection to the sgbd and calls the
"add" procedure of the sgbd. It do not see any acl verificiation.

I imagine that no verifications are made before calling this function
since this is here that validities of dn and objectclass are
checked. Maybe i am wrong.

See you.

References:
- does back-sql bypass ACL ?
  - From: Frederic Saincy <freddy@lovelinux.org>
- Re: does back-sql bypass ACL ?
  - From: Thomas Cramer <cramert@musc.edu>

Prev by Date: Re: How do I know if I have encrypted ldap passwords
Next by Date: Re: How do I know if I have encrypted ldap passwords
Index(es):
- Chronological
- Thread