continue;
}
+ Debug( LDAP_DEBUG_ACL, "<= check a_group_pat: %s\n",
+ b->a_group_pat.bv_val, 0, 0 );
+
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
* the values in the attribute group
}
if ( b->a_set_pat.bv_len != 0 ) {
- struct berval bv;
- char buf[ACL_BUF_SIZE];
- if( b->a_set_style == ACL_STYLE_REGEX ){
+ struct berval bv;
+ char buf[ACL_BUF_SIZE];
+
+ Debug( LDAP_DEBUG_ACL, "<= check a_set_pat: %s\n",
+ b->a_set_pat.bv_val, 0, 0 );
+
+ if ( b->a_set_style == ACL_STYLE_REGEX ) {
bv.bv_len = sizeof(buf) - 1;
bv.bv_val = buf;
string_expand( &bv, &b->a_set_pat, e->e_ndn, matches );
- }else{
+ } else {
bv = b->a_set_pat;
}
- if (aci_match_set( &bv, op, e, 0 ) == 0) {
+
+ if ( aci_match_set( &bv, op, e, 0 ) == 0) {
continue;
}
}
BerVarray bvals = NULL;
int ret,stop;
+ Debug( LDAP_DEBUG_ACL, " <= check a_aci_at: %s\n",
+ b->a_aci_at->ad_cname.bv_val, 0, 0 );
+
/* this case works different from the others above.
* since aci's themselves give permissions, we need
* to first check b->a_access_mask, the ACL's access level.