Commit 86c20321 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#5400

parent 97676d5d
...@@ -20,6 +20,8 @@ OpenLDAP 2.4.9 Engineering ...@@ -20,6 +20,8 @@ OpenLDAP 2.4.9 Engineering
Fixed slapo-syncprov/glue search ops (ITS#5434) Fixed slapo-syncprov/glue search ops (ITS#5434)
Fixed slapo-syncprov null cookie (ITS#5437,#5444) Fixed slapo-syncprov null cookie (ITS#5437,#5444)
Fixed slapo-syncprov double-free (ITS#5445) Fixed slapo-syncprov double-free (ITS#5445)
Documentation
Fixed slapd.access(5) authz-regexp documented behavior (ITS#5400)
OpenLDAP 2.4.8 Release (2008/02/19) OpenLDAP 2.4.8 Release (2008/02/19)
Fixed ldapmodify verbose logging (ITS#5247) Fixed ldapmodify verbose logging (ITS#5247)
......
...@@ -952,7 +952,8 @@ operation, requires ...@@ -952,7 +952,8 @@ operation, requires
.B search (=s) .B search (=s)
privileges on the privileges on the
.B entry .B entry
pseudo-attribute of the searchBase (NOTE: this was introduced with 2.3). pseudo-attribute of the searchBase
(NOTE: this was introduced with OpenLDAP 2.4).
Then, for each entry, it requires Then, for each entry, it requires
.B search (=s) .B search (=s)
privileges on the attributes that are defined in the filter. privileges on the attributes that are defined in the filter.
...@@ -998,6 +999,10 @@ privileges are also required on the ...@@ -998,6 +999,10 @@ privileges are also required on the
attribute of the authorizing identity and/or on the attribute of the authorizing identity and/or on the
.B authzFrom .B authzFrom
attribute of the authorized identity. attribute of the authorized identity.
In general, when an internal lookup is performed for authentication
or authorization purposes, search-specific privileges (see the access
requirements for the search operation illustrated above) are relaxed to
.BR auth .
.LP .LP
Access control to search entries is checked by the frontend, Access control to search entries is checked by the frontend,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment