Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Lukas However
OpenLDAP
Commits
f120d0e4
Commit
f120d0e4
authored
Jun 19, 2019
by
Howard Chu
Committed by
Quanah Gibson-Mount
Jun 20, 2019
Browse files
ITS#9038 restrict rootDN proxyauthz to its own DBs.
Treat as normal user for any other DB.
parent
271d3336
Changes
1
Hide whitespace changes
Inline
Side-by-side
servers/slapd/saslauthz.c
View file @
f120d0e4
...
...
@@ -2062,12 +2062,13 @@ int slap_sasl_authorized( Operation *op,
goto
DONE
;
}
/* Allow the manager to authorize as any DN. */
if
(
op
->
o_conn
->
c_authz_backend
&&
be_isroot_dn
(
op
->
o_conn
->
c_authz_backend
,
authcDN
))
/* Allow the manager to authorize as any DN in its own DBs. */
{
rc
=
LDAP_SUCCESS
;
goto
DONE
;
Backend
*
zbe
=
select_backend
(
authzDN
,
1
);
if
(
zbe
&&
be_isroot_dn
(
zbe
,
authcDN
))
{
rc
=
LDAP_SUCCESS
;
goto
DONE
;
}
}
/* Check source rules */
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment