Pierangelo Masarati wrote:
[EMAIL PROTECTED] wrote:
Update of /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays
Modified Files:
syncprov.c 1.102 -> 1.103
Log Message:
ITS#3989 fix ID used for syncprov_findbase
I guess a similar fix is required elsewhere, whenever the identity of
an operation is changed. For instance, in ACIs, I need to set the
identity that climbs the tree to the rootdn to avoid chicken and egg
issues during access checking, and I only set op->o_ndn; something
similar occurs in other pieces of code where internal operations must
be performed wth a different identity. Does o_dn and o_authz need to
be consistently set in all these cases?
o_dn is only used for logging purposes, as far as I recall. But there
are other fields in o_authz (e.g. ssf related) that may be relevant for
ACL evaluation. However, if you're just using the rootdn anyway, those
issues are moot.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
