} else {
BER_BVSTR( &group_oc, SLAPD_GROUP_CLASS );
+ BER_BVSTR( &member_at, SLAPD_GROUP_ATTR );
}
group_dn.bv_val++;
group_dn.bv_len = uri->bv_len - ( group_dn.bv_val - uri->bv_val );
AttributeDescription *ad,
struct berval *authc )
{
- int rc;
- BerVarray vals = NULL;
+ int rc,
+ do_not_cache = op->o_do_not_cache;
+ BerVarray vals = NULL;
Debug( LDAP_DEBUG_TRACE,
"==>slap_sasl_check_authz: does %s match %s rule in %s?\n",
assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
+ /* ITS#4760: don't cache group access */
+ op->o_do_not_cache = 1;
rc = backend_attribute( op, NULL, searchDN, ad, &vals, ACL_AUTH );
+ op->o_do_not_cache = do_not_cache;
if( rc != LDAP_SUCCESS ) goto COMPLETE;
/* Check if the *assertDN matches any *vals */