> >>>We do, see slapi_over_response() in slapi/slapi_overlay.c (formerly >>>slapi_op_response()). >> >>I see. I wonder if calling slapi_int_call_plugins() without placing the >>original bd_info and be_private is appropriate. > > I think a better solution, which I have working now, is to have > access_allowed() call frontendDB->bd_info->bi_access_allowed() > (which is ordinarily slap_access_allowed()) in the case that > the backend did not provide a bi_access_allowed implementation. > > That allows global overlays to implement ACL checking.
but this is not working, because the BackendDB data loses information about the rootdn, the per-backend ACLs and so (for instance, test002 is no longer working...). I'll back out acl.c:1.280 until we find a better solution. p. -- Pierangelo Masarati mailto:[EMAIL PROTECTED] SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
