>>We do, see slapi_over_response() in slapi/slapi_overlay.c (formerly >>slapi_op_response()). > >I see. I wonder if calling slapi_int_call_plugins() without placing the >original bd_info and be_private is appropriate.
I think a better solution, which I have working now, is to have access_allowed() call frontendDB->bd_info->bi_access_allowed() (which is ordinarily slap_access_allowed()) in the case that the backend did not provide a bi_access_allowed implementation. That allows global overlays to implement ACL checking. -- Luke --
