mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
parent: 9ed1aa | patch | commitdiff
dugan
01.15.2007 571884cec31d00f0c1b9de186fb1bbac17d289d5
refs
author dugan <dugan@localhost>
Wednesday, August 1, 2007 03:15 +0200
committer dugan <dugan@localhost>
Wednesday, August 1, 2007 03:15 +0200
commit571884cec31d00f0c1b9de186fb1bbac17d289d5
tree 72fb37fcc8d31e8867a8eacc5abd1e7f98d62971 tree | zip | gz
parent 9ed1aa4c7e06ce3a1aced22493485a2c81000710 view | diff 
Add ACI support to control whether a  "smart referral" (named subordinate references -- RFC 3296)
may be returned to a client. Smart referral entries contain the referral objectclass and
have one or more "ref" attributes containing LDAP URLS. The ref attribute type has usage
distributedOperation, so the operational shorthand '+' character can be used to match it:

(targetattr="+")(version 3.0; acl "ref wild-card"; allow(read) userdn="ldap:///anyone";)

or it can be explicitly used:

(targetattr="ref")(version 3.0; acl "ref"; allow(read) userdn="ldap:///anyone";)

It is also possible to add an ACI on the referral entry itself:

dn: uid=smart, ou=People, dc=example, dc=com
objectclass: top
objectClass: extensibleobject
objectClass: referral
ref: ldap://kansashost/OU=People,O=Kansas,C=US
ref: ldap://texashost/OU=People,O=Texas,C=US
aci: (targetattr = "ref")(version 3.0; acl "add_aci"; allow (read) userdn="ldap://anyone";)
1 files added
16 files modified
387 ■■■■ changed files
opendj-sdk/opends/src/server/org/opends/server/api/AccessControlHandler.java 10 ●●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java 49 ●●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciListenerManager.java 12 ●●●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/backends/jeb/DN2URI.java 2 ●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/core/DefaultAccessControlHandler.java 2 ●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/core/SearchOperation.java 4 ●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/core/SearchOperationBasis.java 4 ●●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/core/SearchOperationWrapper.java 4 ●●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/types/operation/PreOperationSearchOperation.java 5 ●●●● diff | view | raw | blame | history
opendj-sdk/opends/src/server/org/opends/server/types/operation/PreParseSearchOperation.java 14 ●●●●● diff | view | raw | blame | history
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTestCase.java 57 ●●●● diff | view | raw | blame | history
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AlternateRootDN.java 2 ●●● diff | view | raw | blame | history
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/ExtOpTestCase.java 2 ●●● diff | view | raw | blame | history
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/GetEffectiveRightsTestCase.java 2 ●●● diff | view | raw | blame | history
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/ReferencesTestCase.java 214 ●●●●● diff | view | raw | blame | history
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetAttrTestCase.java 2 ●●● diff | view | raw | blame | history
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetControlTestCase.java 2 ●●● diff | view | raw | blame | history