ITS#9038 restrict rootDN proxyauthz to its own DBs.

Treat as normal user for any other DB.
This commit is contained in:
Howard Chu 2019-06-19 12:29:02 +01:00
parent bc61773904
commit fbe5611e60

View File

@ -2062,12 +2062,13 @@ int slap_sasl_authorized( Operation *op,
goto DONE; goto DONE;
} }
/* Allow the manager to authorize as any DN. */ /* Allow the manager to authorize as any DN in its own DBs. */
if( op->o_conn->c_authz_backend &&
be_isroot_dn( op->o_conn->c_authz_backend, authcDN ))
{ {
rc = LDAP_SUCCESS; Backend *zbe = select_backend( authzDN, 1 );
goto DONE; if ( zbe && be_isroot_dn( zbe, authcDN )) {
rc = LDAP_SUCCESS;
goto DONE;
}
} }
/* Check source rules */ /* Check source rules */