mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
ITS#9038 restrict rootDN proxyauthz to its own DBs.
Treat as normal user for any other DB.
This commit is contained in:
parent
bc61773904
commit
fbe5611e60
@ -2062,12 +2062,13 @@ int slap_sasl_authorized( Operation *op,
|
|||||||
goto DONE;
|
goto DONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Allow the manager to authorize as any DN. */
|
/* Allow the manager to authorize as any DN in its own DBs. */
|
||||||
if( op->o_conn->c_authz_backend &&
|
|
||||||
be_isroot_dn( op->o_conn->c_authz_backend, authcDN ))
|
|
||||||
{
|
{
|
||||||
rc = LDAP_SUCCESS;
|
Backend *zbe = select_backend( authzDN, 1 );
|
||||||
goto DONE;
|
if ( zbe && be_isroot_dn( zbe, authcDN )) {
|
||||||
|
rc = LDAP_SUCCESS;
|
||||||
|
goto DONE;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check source rules */
|
/* Check source rules */
|
||||||
|
Loading…
Reference in New Issue
Block a user