ondra@mistotebe.net wrote:
On Fri, May 04, 2018 at 09:21:59PM +0000, quanah@openldap.org wrote:
As noted in the OpenLDAP source (http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=servers/sla...) there is an issue with controls being reset with a new extended operation. This is problematic for a proxy auth mechanism being developed, as it needs to have the controls preserved while passing an extended op to slapd.
A possibility would be to re-register the control, adding the corresponding extended operations, but the parsing function resets them so this unfortunately is not an option.
The issue is actually allowing existing controls to be used with newly registered exops, since the only way to declare the compatibility would be by re-registering the control. Problem there is that built-in controls have everything static to controls.c, so it's not even possible to do that.
A solution would be to add another piece of API that receives a pair of (control OID, exop OID), finds the control and adds the OID to the sc_extendedops(bv) lists.
Going to do just that (register_control_exop() a decent name?).
Makes sense.
-
hyc@symas.com