- /*
- * It is necessary to try to rewrite attributes with
- * dn syntax because they might be used in ACLs as
- * members of groups; since ACLs are applied to the
- * rewritten stuff, no dn-based subject clause could
- * be used at the ldap backend side (see
- * http://www.OpenLDAP.org/faq/data/cache/452.html)
- * The problem can be overcome by moving the dn-based
- * ACLs to the target directory server, and letting
- * everything pass thru the ldap backend.
- */
- } else if ( strcmp( attr->a_desc->ad_type->sat_syntax->ssyn_oid,
- SLAPD_DN_SYNTAX ) == 0 ) {
- for ( bv = attr->a_vals; bv->bv_val; bv++ ) {
- struct berval newval;
-
-#ifdef ENABLE_REWRITE
- switch ( rewrite_session( li->rwinfo,
- "searchResult",
- bv->bv_val,
- op->o_conn,
- &newval.bv_val )) {
- case REWRITE_REGEXEC_OK:
- /* left as is */
- if ( newval.bv_val == NULL ) {
- break;
- }
- newval.bv_len = strlen( newval.bv_val );
-#ifdef NEW_LOGGING
- LDAP_LOG( BACK_LDAP, DETAIL1,
- "[rw] searchResult on attr=%s: \"%s\" -> \"%s\"\n",
- attr->a_desc->ad_type->sat_cname.bv_val,
- bv->bv_val, newval.bv_val );
-#else /* !NEW_LOGGING */
- Debug( LDAP_DEBUG_ARGS,
- "rw> searchResult on attr=%s: \"%s\" -> \"%s\"\n",
- attr->a_desc->ad_type->sat_cname.bv_val,
- bv->bv_val, newval.bv_val );
-#endif /* !NEW_LOGGING */
- free( bv->bv_val );
- *bv = newval;
- break;
-
- case REWRITE_REGEXEC_UNWILLING:
- LBER_FREE(bv->bv_val);
- bv->bv_val = NULL;
- if (--last < 0)
- goto next_attr;
- *bv = attr->a_vals[last];
- attr->a_vals[last].bv_val = NULL;
- bv--;
- break;
-
- case REWRITE_REGEXEC_ERR:
- /*
- * FIXME: better give up,
- * skip the attribute
- * or leave it untouched?
- */
- break;
- }
-#else /* !ENABLE_REWRITE */
- ldap_back_dn_massage( li, bv, &newval, 0, 0 );
- if ( bv->bv_val != newval.bv_val ) {
- LBER_FREE( bv->bv_val );