authorNathan Kinder <nkinder@redhat.com>2008-11-26 22:42:12 +0000
committerNathan Kinder <nkinder@redhat.com>2008-11-26 22:42:12 +0000
commit6e5a17f5264a20d504a6e98dfc31f1cf278f363b (patch)
tree333761f60d17e4a1afbfca7e90cc82028feb06e1 /ldap/servers/slapd/back-ldbm/ldbm_search.c
parent97f52d81060f75b0f8a2411b69f6f427665765b6 (diff)
Resolves: 220532
Summary: Add access to RUV by users other than "cn=Directory Manager".
Diffstat (limited to 'ldap/servers/slapd/back-ldbm/ldbm_search.c')
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_search.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c
index d8b7f063..600a9c47 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_search.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c
@@ -1203,11 +1203,17 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension )
if((slapi_entry_flag_is_set(e->ep_entry,SLAPI_ENTRY_LDAPSUBENTRY)
&& !filter_flag_is_set(filter,SLAPI_FILTER_LDAPSUBENTRY)) ||
(slapi_entry_flag_is_set(e->ep_entry,SLAPI_ENTRY_FLAG_TOMBSTONE)
- && (!isroot || !filter_flag_is_set(filter, SLAPI_FILTER_TOMBSTONE))))
+ && ((!isroot && !filter_flag_is_set(filter, SLAPI_FILTER_RUV)) ||
+ !filter_flag_is_set(filter, SLAPI_FILTER_TOMBSTONE))))
{
/* If the entry is an LDAP subentry and filter don't filter subentries OR
* the entry is a TombStone and filter don't filter Tombstone
- * don't return the entry
+ * don't return the entry. We make a special case to allow a non-root user
+ * to search for the RUV entry using a filter of:
+ *
+ * "(&(objectclass=nstombstone)(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff))"
+ *
+ * For this RUV case, we let the ACL check apply.
*/
/* ugaston - we don't want to mistake this filter failure with the one below due to ACL,
* because whereas the former should be read as 'no entry must be returned', the latter
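Review bot: The relaxed tombstone test on the added `(!isroot && !filter_flag_is_set(filter, SLAPI_FILTER_RUV))` line keys on a flag of the search filter, not on the candidate entry, so any tombstone that reaches this point under a flagged filter is handed to the ACL check for a non-root bind. Where SLAPI_FILTER_RUV gets set is outside this hunk; if it is set for anything broader than the exact filter quoted in the comment, ordinary tombstones (deleted entries) would become readable wherever an ACI happens to allow it. I would bind the exception to the entry as well, e.g. `(!isroot && !(filter_flag_is_set(filter, SLAPI_FILTER_RUV) && is_ruv))`, where `is_ruv` (a name made up for this note) is true only when the entry's nsuniqueid equals `ffffffff-ffffffff-ffffffff-ffffffff`, and state in the comment that every other tombstone stays root-only. The body of ldbm_back_next_search_entry_ext starts and ends outside the hunk, so the later ACL check the comment relies on is not visible here.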