From: Julio Sánchez Fernández <jsanchez@openldap.org>
Date: Mon, 9 Oct 2000 19:09:22 +0000 (+0000)
Subject: Permit access defined by uniqueMember and not only DN-valued
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~1797
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6777a3a41a385b0611993345f0c03f2123cc42a4;p=openldap

Permit access defined by uniqueMember and not only DN-valued
attributes.  This allows using groupOfUniqueNames for
access control.
Fix small typo in MRA definition.
---

diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index d3b88bc6ec..1784fbbcb4 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -508,7 +508,9 @@ parse_acl(
 					}
 
 					if( !is_at_syntax( b->a_group_at->ad_type,
-						SLAPD_DN_SYNTAX ) )
+						SLAPD_DN_SYNTAX ) &&
+					    !is_at_syntax( b->a_group_at->ad_type,
+						SLAPD_NAMEUID_SYNTAX ) )
 					{
 						fprintf( stderr,
 							"%s: line %d: group \"%s\": inappropriate syntax: %s\n",
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index e4cad6f129..cde23a7d89 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -103,6 +103,7 @@ LDAP_BEGIN_DECL
 
 /* must match in schema_init.c */
 #define SLAPD_DN_SYNTAX			"1.3.6.1.4.1.1466.115.121.1.12"
+#define SLAPD_NAMEUID_SYNTAX		"1.3.6.1.4.1.1466.115.121.1.34"
 #define SLAPD_GROUP_ATTR		"member"
 #define SLAPD_GROUP_CLASS		"groupOfNames"
 #define SLAPD_ROLE_ATTR			"roleOccupant"
@@ -527,7 +528,7 @@ typedef struct slap_filter {
 #define f_mr_rule		f_un.f_un_mra->ma_rule
 #define f_mr_desc		f_un.f_un_mra->ma_desc
 #define f_mr_value		f_un.f_un_mra->ma_value
-#define	f_mr_dnaddrs	f_un.f_un_mra->ma_dnattrs
+#define	f_mr_dnattrs	f_un.f_un_mra->ma_dnattrs
 
 		/* and, or, not */
 		struct slap_filter *f_un_complex;