mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Require compare (not read) access to entry attr for compare ops

Browse Source
This commit is contained in:
Howard Chu 2007-12-27 00:51:45 +00:00
parent 64f81ee43b
commit b0a0ac4914
2 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/man/man5/slapd-sock.5
View File

@ -186,11 +186,8 @@ to the underlying program.
The The
.B compare .B compare
operation requires operation requires
.B read (=r)
access (FIXME: wouldn't
.B compare (=c) .B compare (=c)
be a more appropriate choice?) access to the
to the
.B entry .B entry
pseudo-attribute pseudo-attribute
of the object whose value is being asserted; of the object whose value is being asserted;

2
servers/slapd/back-sock/compare.c
View File

@ -48,7 +48,7 @@ sock_back_compare(
e.e_private = NULL; e.e_private = NULL;
if ( ! access_allowed( op, &e, if ( ! access_allowed( op, &e,
entry, NULL, ACL_READ, NULL ) ) entry, NULL, ACL_COMPARE, NULL ) )
{ {
send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL ); send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
return -1; return -1;