29 Oct
2010
29 Oct
'10
9:35 a.m.
Hi all,
An update on this bug report: with a modified slapd.conf and a small patch to the back-perl module, I can use the ACL mask to ensure that the perl search function doesn't get invoked if disallowed by the ACLs.
The patch works by creating a "fake" empty entry whose DN is the base of the search, and then passing this entry into access_allowed() using code borrowed from one of the other backends to either deny or allow access.
http://pastebin.siriusit.co.uk/perlacl/slapd2.conf http://pastebin.siriusit.co.uk/perlacl/openldap-backperl-acls.patch
Is this something that could be considered for inclusion upstream or does it require more work?
ATB,
Mark.
--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
Sirius Labs: http://www.siriusit.co.uk/labs
4927
Age (days ago)
4927
Last active (days ago)
0 comments
1 participants
participants (1)
-
mark.cave-ayland@siriusit.co.uk