[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: sizelimit evaluated before ACLs?
On Wed, 2005-11-23 at 15:14 -0800, Howard Chu wrote:
>
> It is the as-designed behavior. But you're right, the design is broken
> here. Currently all sizelimit checking is done in the individual
> backends,
This could be easily fixed: right now, backends just rely on the fact
they got to calling send_search_entry() to do sizelimit handling; we
should check if the entry was actually sent (and trusting the return
value of send_search_entry() would not work, because many callback
layers may intervene)... I suspect we'd need to add a special internal
result code that says "ACLs prevented sending to client", sort of
SLAP_INSUFFICIENT_ACCESS.
> while the search ACLs are checked in the frontend. Checking in
> the backends means there's a lot of redundant code; it should all be
> moved into the frontend.
>
> Such a change would break the pagedResults implementation in back-bdb.
> But that's probably OK, since the pagedResults feature properly belongs
> in the frontend as well.
That's on the long-term todo list...
p.
Ing. Pierangelo Masarati
Responsabile Open Solution
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------