[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: does back-sql bypass ACL ?
Hi!
Thomas Cramer <cramert@musc.edu> writes:
> I can't totally recall without looking at the code (maybe Kurt knows
> better), but the access atributes are controlled by the "core" part of
> openldap.
It seems to be true for reading operation only no for others for example:
servers/slapd/back-sql/modify.c
in function backsql_add:
it verifies if:
- dn is valid
- objectclass exists.
- "create procedure" exists for the sgbd.
After, this function get a connection to the sgbd and calls the
"add" procedure of the sgbd. It do not see any acl verificiation.
I imagine that no verifications are made before calling this function
since this is here that validities of dn and objectclass are
checked. Maybe i am wrong.
See you.