ITS#6468

diff --git a/CHANGES b/CHANGES
index fb8561152b01260191aa3901b02aebc62f62034c..5e5caeed2860f8eb8f68f20ab21063fc1092c32f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,7 @@ OpenLDAP 2.4.23 Engineering
        Fixed libldap to return server's error code (ITS#6569)
        Fixed libldap memleaks (ITS#6568)
        Fixed liblutil off-by-one with delta (ITS#6541)
+       Fixed slapd acls with glued databases (ITS#6468)
        Fixed slapd syncrepl rid logging (ITS#6533)
        Fixed slapd modrdn handling of invalid values (ITS#6570)
        Fixed slapd-bdb hasSubordinates computation (ITS#6549)

diff --git a/servers/slapd/backglue.c b/servers/slapd/backglue.c
index bd85aae44a256119daf15a6a6815fe31fa7e9c47..e9a337de64f34ba825248a2b991f6f0699f91843 100644 (file)
--- a/servers/slapd/backglue.c
+++ b/servers/slapd/backglue.c
@@ -1472,6 +1472,29 @@ glue_sub_add( BackendDB *be, int advert, int online )
        return rc;
 }
 
+static int
+glue_access_allowed(
+       Operation               *op,
+       Entry                   *e,
+       AttributeDescription    *desc,
+       struct berval           *val,
+       slap_access_t           access,
+       AccessControlState      *state,
+       slap_mask_t             *maskp )
+{
+       BackendDB *b0, *be = glue_back_select( op->o_bd, &e->e_nname );
+       int rc;
+
+       if ( be == NULL || be == op->o_bd || be->bd_info->bi_access_allowed == NULL )
+               return SLAP_CB_CONTINUE;
+
+       b0 = op->o_bd;
+       op->o_bd = be;
+       rc = be->bd_info->bi_access_allowed ( op, e, desc, val, access, state, maskp );
+       op->o_bd = b0;
+       return rc;
+}
+
 int
 glue_sub_init()
 {
@@ -1492,6 +1515,7 @@ glue_sub_init()
        glue.on_bi.bi_chk_controls = glue_chk_controls;
        glue.on_bi.bi_entry_get_rw = glue_entry_get_rw;
        glue.on_bi.bi_entry_release_rw = glue_entry_release_rw;
+       glue.on_bi.bi_access_allowed = glue_access_allowed;
 
        glue.on_response = glue_response;