Require compare (not read) access to entry attr for compare ops

This commit is contained in:
Howard Chu 2007-12-27 00:51:45 +00:00
parent 64f81ee43b
commit b0a0ac4914
2 changed files with 2 additions and 5 deletions

View File

@ -186,11 +186,8 @@ to the underlying program.
The
.B compare
operation requires
.B read (=r)
access (FIXME: wouldn't
.B compare (=c)
be a more appropriate choice?)
to the
access to the
.B entry
pseudo-attribute
of the object whose value is being asserted;

View File

@ -48,7 +48,7 @@ sock_back_compare(
e.e_private = NULL;
if ( ! access_allowed( op, &e,
entry, NULL, ACL_READ, NULL ) )
entry, NULL, ACL_COMPARE, NULL ) )
{
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1;