}
}
- if ( b->a_dn_at != NULL && op->o_ndn != NULL ) {
+ if ( b->a_dn_at != NULL ) {
Attribute *at;
struct berval bv;
int rc, match = 0;
assert( attr != NULL );
+ if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
+ continue;
+ }
+
Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
attr, 0, 0);
bv.bv_val = op->o_ndn;
}
}
- if ( b->a_group_pat != NULL && op->o_ndn != NULL ) {
+ if ( b->a_group_pat != NULL ) {
char buf[1024];
+ if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
+ continue;
+ }
+
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
* the values in the attribute group
by dnattr=member selfwrite
by * read
+access to attr=member filter=(mail=*edu)
+ by * read
+
access to filter="objectclass=groupofnames"
by dn.base="cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=University of Michigan,c=US" =sc continue
by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
by * break
+
+
# fall into global ACLs
+
+