diff options
| author | Noriko Hosoi <nhosoi@redhat.com> | 2010-10-15 10:56:45 -0700 |
|---|---|---|
| committer | Noriko Hosoi <nhosoi@redhat.com> | 2010-10-15 10:56:45 -0700 |
| commit | 0b7a84653e5819f52fc22f3783d9c2a1dc84e941 (patch) | |
| tree | 3648c63b797a6aa302dc316d7a39f5db6df8f730 /lib/libaccess/userauth.cpp | |
| parent | 032790e3bea8b4b61372a5b84926c83da2e03eef (diff) | |
| download | ds-0b7a84653e5819f52fc22f3783d9c2a1dc84e941.tar.gz ds-0b7a84653e5819f52fc22f3783d9c2a1dc84e941.tar.xz ds-0b7a84653e5819f52fc22f3783d9c2a1dc84e941.zip | |
Bug 244229 - targetattr not verified against schema when setting an aci
https://bugzilla.redhat.com/show_bug.cgi?id=244229
Description:
1. When acl contains targetattr keyword:
(targetattr [!]= "attribute_1 || attribute_2 ...|| attribute_n"),
where attribute_n does not contain '*', the current ACL plugin
accepts any attribute_n value even if it is not defined in the
schema. This patch rejects the aci if it contains attribute_n
not defined in schema with this error message:
NSACLPlugin - targetattr "attribute_n" does not exist in schema.
Please add attributeTypes "attribute_n" to schema if necessary.
The message is logged in the error log as well as returned to
the client.
2. To implement 1, slapi APIs slapi_attr_syntax_exists is added.
3. An attributeTypes "connection" is added to 01core389.ldif which
is referred in an aci of cn=monitor.
Diffstat (limited to 'lib/libaccess/userauth.cpp')
0 files changed, 0 insertions, 0 deletions