masarati@aero.polimi.it wrote:
HI!
I've added support for 'allowedAttributesEffective' in web2ldap recently which works with AD. I tried this overlay but it seg faults with recent OpenLDAP version. Any chance to get this back on the radar?
I've built and tested my copy of allowed.c with HEAD and re24 and it works as expected. However, I might have modified it to keep pace with baseline code evolution without resubmitting modifications.
My version was indeed rather modified, that's why it worked. It's now in HEAD's contrib/slapd-modules/allowed/. It builds fine with HEAD and re24; it should also build with OL 2.3, although I haven't checked in a while. Please test and report.
I've created a simple Makefile for this, derived from the one for slapo-smbk5pwd, which I'd like to contribute if appropriate. Please review. I grant *all* rights to the OpenLDAP project.
Now for the concrete testing:
In principle it works. That's great!
There's a special corner case: if the user bound (e.g. anonymous in my test configuration) has no write access to any attribute, an empty attribute value list is returned for 'allowedAttributesEffective'. Indeed this is helpful, since my web2ldap can then distinguish between this attribute not being available at all and no attributes being allowed to be written. But I'm not sure whether that complies with the LDAP data model. What do you think?
Ciao, Michael.
# $OpenLDAP: pkg/ldap/contrib/slapd-modules/allowed/Makefile,v 1.3 2009/08/16 20:55:27 kurt Exp $
# This work is part of OpenLDAP Software http://www.openldap.org/.
#
# Copyright 1998-2009 The OpenLDAP Foundation.
# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted only as authorized by the OpenLDAP
# Public License.
#
# A copy of this license is available in the file LICENSE in the
# top-level directory of the distribution or, alternatively, at
# http://www.OpenLDAP.org/license.html.

PREFIX=/opt/openldap-HEAD

LIBTOOL=../../../libtool
OPT=-g -O2
CC=gcc

DEFS=-DSLAPD_OVER_ALLOWED=SLAPD_MOD_DYNAMIC

LDAP_INC=-I../../../include -I../../../servers/slapd
INCS=$(LDAP_INC)

LDAP_LIB=-lldap_r -llber -L../../../lib
LDAP_LIB=
LIBS=$(LDAP_LIB)

all: allowed.la

allowed.lo: allowed.c
	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $?

allowed.la: allowed.lo
	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
	-rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)

clean:
	rm -f allowed.o allowed.lo allowed.la

install: allowed.la
	mkdir -p $(PREFIX)/libexec/openldap
	$(LIBTOOL) --mode=install cp allowed.la $(PREFIX)/libexec/openldap
	$(LIBTOOL) --finish $(PREFIX)/libexec/openldap