/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2003 The OpenLDAP Foundation.
+ * Copyright 1998-2004 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
{ LDAP_CONTROL_SYNC,
SLAP_CTRL_HIDE|SLAP_CTRL_SEARCH, NULL,
parseLDAPsync, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#ifdef LDAP_CONTROL_MODIFY_INCREMENT
{ LDAP_CONTROL_MODIFY_INCREMENT,
SLAP_CTRL_HIDE|SLAP_CTRL_MODIFY, NULL,
parseModifyIncrement, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#endif
{ LDAP_CONTROL_MANAGEDSAIT,
SLAP_CTRL_ACCESS, NULL,
parseManageDSAit, LDAP_SLIST_ENTRY_INITIALIZER(next) },
return LDAP_SUCCESS;
}
- /* FIXME: how can we get the realm? */
- {
- int rc;
- char buf[ SLAP_LDAPDN_MAXLEN ];
- struct berval id = { ctrl->ldctl_value.bv_len, (char *)buf },
- user = { 0, NULL },
- realm = { 0, NULL },
- mech = { 0, NULL };
-
- strncpy( buf, ctrl->ldctl_value.bv_val, sizeof( buf ) );
-
- rc = slap_parse_user( &id, &user, &realm, &mech );
- if ( rc == LDAP_SUCCESS ) {
- struct berval authz = BER_BVC( "AUTHZ" );
-
- if ( mech.bv_len && !bvmatch( &mech, &authz) ) {
- rs->sr_text = "mech not allowed in authzId";
- return LDAP_PROXY_AUTHZ_FAILURE;
- }
- } else {
- user = ctrl->ldctl_value;
- }
+ rc = slap_sasl_getdn( op->o_conn, op,
+ ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len,
+ NULL, &dn, SLAP_GETDN_AUTHZID );
- rc = slap_sasl_getdn( op->o_conn, op,
- user.bv_val, user.bv_len,
- realm.bv_val, &dn, SLAP_GETDN_AUTHZID );
-
- if( rc != LDAP_SUCCESS || !dn.bv_len ) {
- if ( dn.bv_val ) {
- ch_free( dn.bv_val );
- }
- rs->sr_text = "authzId mapping failed";
- return LDAP_PROXY_AUTHZ_FAILURE;
+ if( rc != LDAP_SUCCESS || !dn.bv_len ) {
+ if ( dn.bv_val ) {
+ ch_free( dn.bv_val );
}
+ rs->sr_text = "authzId mapping failed";
+ return LDAP_PROXY_AUTHZ_FAILURE;
+
}
#ifdef NEW_LOGGING