diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index a67c0b9ad8..f41c702ca6 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -279,7 +279,7 @@ parse_acl(
 {
 sty = ACL_STYLE_REGEX;
 } else if ( strcasecmp( style, "exact" ) == 0 ) {
- sty = ACL_STYLE_BASE;
+ sty = ACL_STYLE_EXACT;
 } else if ( strcasecmp( style, "base" ) == 0 ) {
 sty = ACL_STYLE_BASE;
 } else if ( strcasecmp( style, "one" ) == 0 ) {
@@ -607,6 +607,27 @@ parse_acl(
 continue;
 }
+ if ( strcasecmp( left, "set" ) == 0 ) {
+ if( b->a_set_pat != NULL ) {
+ fprintf( stderr,
+ "%s: line %d: set attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no set is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_set_style = sty;
+ b->a_set_pat = ch_strdup(right);
+
+ continue;
+ }
+
 #ifdef SLAPD_ACI_ENABLED
 if ( strcasecmp( left, "aci" ) == 0 ) {
 if( b->a_aci_at != NULL ) {
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 65d96c2d2d..f1d8de5cf4 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -104,6 +104,9 @@ LDAP_BEGIN_DECL
 #define SLAPD_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
 #define SLAPD_ACI_ATTR "OpenLDAPaci"
+/* change this to "OpenLDAPset" */
+#define SLAPD_ACI_SET_ATTR "template"
+
 #define SLAPD_TOP_OID "2.5.6.0"
 LDAP_SLAPD_F (int) slap_debug;
@@ -593,7 +596,11 @@ typedef enum slap_style_e {
 ACL_STYLE_BASE,
 ACL_STYLE_ONE,
 ACL_STYLE_SUBTREE,
- ACL_STYLE_CHILDREN
+ ACL_STYLE_CHILDREN,
+ ACL_STYLE_ATTROF,
+
+ /* alternate names */
+ ACL_STYLE_EXACT = ACL_STYLE_BASE
 } slap_style_t;
 typedef unsigned long slap_access_mask_t;
@@ -675,6 +682,8 @@ typedef struct slap_access {
 char *a_domain_pat;
 slap_style_t a_sockurl_style;
 char *a_sockurl_pat;
+ slap_style_t a_set_style;
+ char *a_set_pat;
 #ifdef SLAPD_ACI_ENABLED
 AttributeDescription *a_aci_at;
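Review bot: In the `set` clause added at `@@ -607,6 +607,27 @@`, `b->a_set_style = sty;` stores whatever style qualifier was parsed without checking that it is one the set matcher implements, so a rule written with an unsupported style is accepted silently and may not match the way its author intended. For an access-control parser it is safer to fail at load time, with a guard before the assignment along the lines of `if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) { fprintf( stderr, "%s: line %d: inappropriate style for set\n", fname, lineno ); acl_usage(); }`; the accepted list should follow what the evaluator supports, which is not visible in this diff. Both error branches also appear to rely on acl_usage() not returning, since otherwise `ch_strdup(right)` would run with a NULL or empty `right`, and a one-line comment saying so would help. parse_acl's body starts and ends outside the hunk.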
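Review bot: `SLAPD_ACI_SET_ATTR` at `@@ -104,6 +104,9 @@` in slap.h is committed with the placeholder value `"template"`, and the comment above it says to change it without saying what blocks the change. If this name is looked up in directory entries while evaluating access (its use is not visible in this diff), a generic name like `template` could coincide with an ordinary attribute that users are allowed to write in a deployed schema. I would expand the comment to something like `/* FIXME: placeholder attribute name; must become "OpenLDAPset" */` and state the blocker next to it.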
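Review bot: `ACL_STYLE_ATTROF` is added to `slap_style_t` at `@@ -593,7 +596,11 @@` without a comment, and neither parse_acl hunk in this diff maps a style keyword to it, so its meaning and the clauses that may carry it are undocumented. Please add a one-line comment on the enumerator and check that every `switch` or comparison on `slap_style_t` in the ACL matcher handles the new value explicitly, because an unhandled style in an access check can turn into an unintended match or miss. Since `ACL_STYLE_EXACT` shares its value with `ACL_STYLE_BASE`, a comment such as `/* same value as ACL_STYLE_BASE: never use both as case labels */` would also spare a later reader a duplicate-case compile error.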