Howard Chu wrote:
Pierangelo Masarati wrote:
[EMAIL PROTECTED] wrote:
Add fe_access_allowed(), should allow global ACL overlays to work
This didn't handle the case of requests that are corretly honored by
the frontend itself. Please review my fix. Howard, what about
having select_backend() return the frontendDB for the appropriate
entries? Do you see any drawbacks? (all entries that don't match,
or rootDSE and cn=Subschema only?)
That sounds like an odd change in behavior. Aside from the special
entries (rootDSE, subschema) if select_backend() cannot find a match
we should be dropping the request (either with a referral or
OBJECT_NOT_FOUND).
In fact, the issue I was seeing was related to searching the rootDSE;
currently, the only entries that may need this special behavior are the
rootDSE ("") and the "cn=Subschema", and in that case they needed a
special treatment because Lukehas kind of "hijacked" the frontendDB to
make it perform ACL checking for those cases that are not handled by a
specific backend, so I agree this is special.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497