Commit f120d0e4 authored by Howard Chu's avatar Howard Chu Committed by Quanah Gibson-Mount
Browse files

ITS#9038 restrict rootDN proxyauthz to its own DBs.

Treat as normal user for any other DB.
parent 271d3336
......@@ -2062,13 +2062,14 @@ int slap_sasl_authorized( Operation *op,
goto DONE;
}
/* Allow the manager to authorize as any DN. */
if( op->o_conn->c_authz_backend &&
be_isroot_dn( op->o_conn->c_authz_backend, authcDN ))
/* Allow the manager to authorize as any DN in its own DBs. */
{
Backend *zbe = select_backend( authzDN, 1 );
if ( zbe && be_isroot_dn( zbe, authcDN )) {
rc = LDAP_SUCCESS;
goto DONE;
}
}
/* Check source rules */
if( authz_policy & SASL_AUTHZ_TO ) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment