Commit 86c20321 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#5400

parent 97676d5d
......@@ -20,6 +20,8 @@ OpenLDAP 2.4.9 Engineering
Fixed slapo-syncprov/glue search ops (ITS#5434)
Fixed slapo-syncprov null cookie (ITS#5437,#5444)
Fixed slapo-syncprov double-free (ITS#5445)
Documentation
Fixed slapd.access(5) authz-regexp documented behavior (ITS#5400)
OpenLDAP 2.4.8 Release (2008/02/19)
Fixed ldapmodify verbose logging (ITS#5247)
......
......@@ -952,7 +952,8 @@ operation, requires
.B search (=s)
privileges on the
.B entry
pseudo-attribute of the searchBase (NOTE: this was introduced with 2.3).
pseudo-attribute of the searchBase
(NOTE: this was introduced with OpenLDAP 2.4).
Then, for each entry, it requires
.B search (=s)
privileges on the attributes that are defined in the filter.
......@@ -998,6 +999,10 @@ privileges are also required on the
attribute of the authorizing identity and/or on the
.B authzFrom
attribute of the authorized identity.
In general, when an internal lookup is performed for authentication
or authorization purposes, search-specific privileges (see the access
requirements for the search operation illustrated above) are relaxed to
.BR auth .
.LP
Access control to search entries is checked by the frontend,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment