diff options
| author | Nathan Kinder <nkinder@boraras.localdomain> | 2009-07-30 19:18:20 -0700 |
|---|---|---|
| committer | Nathan Kinder <nkinder@boraras.localdomain> | 2009-07-30 19:18:20 -0700 |
| commit | dd31da50b1c09a22727640585fab39cf95ce2aa5 (patch) | |
| tree | debaa3343c238cea399cac8aa144f1ad50c38095 /ldap | |
| parent | b1c7eacf47f7e068260fac7d3c372d3fcb82f82a (diff) | |
| download | ds-dd31da50b1c09a22727640585fab39cf95ce2aa5.tar.gz ds-dd31da50b1c09a22727640585fab39cf95ce2aa5.tar.xz ds-dd31da50b1c09a22727640585fab39cf95ce2aa5.zip | |
Bug 514848: Make selfwrite ACI keyword with with Name And Optional UID syntax attributes.
The selfwrite ACI keyword currently only applies when writing to attributes
using the Distringuished Name syntax. It needs to also work with the Name And
Optional UID syntax since that is the syntax used for the uniqueMember
attribute.
Diffstat (limited to 'ldap')
| -rw-r--r-- | ldap/servers/plugins/acl/acl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c index d62796fc..df2f4e42 100644 --- a/ldap/servers/plugins/acl/acl.c +++ b/ldap/servers/plugins/acl/acl.c @@ -351,8 +351,9 @@ acl_access_allowed( slapi_attr_get_syntax_oid_copy(sa, &oid); /* We only want to perform this check if the attribute is - * defined using the DN syntax. */ - if (oid && (strcasecmp(oid, DN_SYNTAX_OID) == 0)) { + * defined using the DN or Name And Optional UID syntaxes. */ + if (oid && ((strcasecmp(oid, DN_SYNTAX_OID) == 0) || + (strcasecmp(oid, NAMEANDOPTIONALUID_SYNTAX_OID) == 0))) { /* should use slapi_sdn_compare() but that'a an extra malloc/free */ char *dn_val_to_write = slapi_dn_normalize(slapi_ch_strdup(val->bv_val)); if ( aclpb->aclpb_authorization_sdn && |