#include "config.h"
-#define CONFIG_DN "cn=config"
+static struct berval config_rdn = BER_BVC("cn=config");
+static struct berval access_rdn = BER_BVC("cn=access");
#ifdef SLAPD_MODULES
typedef struct modpath_s {
*cfAd_include;
static ObjectClass *cfOc_global, *cfOc_backend, *cfOc_database,
- *cfOc_include, *cfOc_overlay;
+ *cfOc_include, *cfOc_overlay, *cfOc_access;
static ConfigFile cf_prv, *cfn = &cf_prv;
"NAME 'olcGlobal' "
"DESC 'OpenLDAP Global configuration options' "
"SUP olcConfig STRUCTURAL "
- "MAY ( olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ "
+ "MAY ( olcAllows $ olcArgsFile $ olcAttributeOptions $ "
"olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ "
"olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ "
"olcDefaultSearchBase $ olcDisallows $ olcGentleHUP $ "
"NAME 'olcDatabaseConfig' "
"DESC 'OpenLDAP Database-specific options' "
"SUP olcConfig STRUCTURAL "
- "MAY ( olcAccess $ olcDatabase $ olcLastMod $ olcLimits $ "
+ "MAY ( olcDatabase $ olcLastMod $ olcLimits $ "
"olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
"olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
"olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSuffix $ olcSyncrepl $ "
"DESC 'OpenLDAP Overlay-specific options' "
"SUP olcConfig STRUCTURAL "
"MAY ( olcOverlay ) )", &cfOc_overlay },
+ { "( OLcfgOc:8 "
+ "NAME 'olcACL' "
+ "DESC 'OpenLDAP Access Control List' "
+ "SUP olcConfig STRUCTURAL "
+ "MUST ( olcAccess ) )", &cfOc_access },
{ NULL, NULL }
};
vals[0].bv_len = rdn->bv_len - (vals[0].bv_val - rdn->bv_val);
attr_merge(e, ad, vals, NULL );
- for (at=oc->soc_allowed;*at;at++) {
+ for (at=oc->soc_required; at && *at; at++) {
+ /* Skip the naming attr */
+ if ((*at)->sat_ad == ad || (*at)->sat_ad == slap_schema.si_ad_cn )
+ continue;
+ for (i=0;ct[i].name;i++) {
+ if (ct[i].ad == (*at)->sat_ad)
+ break;
+ }
+ rc = config_get_vals(&ct[i], c);
+ if (rc == LDAP_SUCCESS) {
+ attr_merge(e, ct[i].ad, c->rvalue_vals, c->rvalue_nvals);
+ ber_bvarray_free( c->rvalue_nvals );
+ ber_bvarray_free( c->rvalue_vals );
+ }
+ }
+
+ for (at=oc->soc_allowed; at && *at; at++) {
/* Skip the naming attr */
if ((*at)->sat_ad == ad || (*at)->sat_ad == slap_schema.si_ad_cn )
continue;
ConfigTable *ct;
/* create root of tree */
- ber_str2bv( CONFIG_DN, STRLENOF( CONFIG_DN ), 0, &rdn );
+ rdn = config_rdn;
e = config_alloc_entry( NULL, &rdn );
ce = e->e_private;
cfb->cb_root = ce;
oprev = ce;
}
}
+ /* Set up ACLs */
+ if ( bptr->be_acl ) {
+ Entry *ae;
+ CfEntryInfo *opar = ce;
+
+ ae = config_alloc_entry( &e->e_nname, &access_rdn );
+ ce = ae->e_private;
+ c.be = bptr;
+ c.bi = bi;
+ ce->ce_be = c.be;
+ ce->ce_bi = c.bi;
+ config_build_entry( &c, ae, cfOc_access, &access_rdn, ct,
+ NO_TABLE );
+ if ( opar->ce_kids ) {
+ ce->ce_sibs = opar->ce_kids;
+ }
+ opar->ce_kids = ce;
+ }
}
return 0;
cfb->cb_config = &cf_prv;
be->be_private = cfb;
- ber_str2bv( CONFIG_DN, 0, 1, &be->be_rootdn );
+ ber_dupbv( &be->be_rootdn, &config_rdn );
ber_dupbv( &be->be_rootndn, &be->be_rootdn );
ber_dupbv( &dn, &be->be_rootdn );
ber_bvarray_add( &be->be_suffix, &dn );
projects / openldap / commitdiff