From 345fecc0f5ac93f4415cb96f53003b046fea4d8b Mon Sep 17 00:00:00 2001
From: coulbeck <coulbeck@localhost>
Date: Mon, 12 Mar 2007 20:22:47 +0000
Subject: [PATCH] Add support for subordinate subtree to ACI.

---
 opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java b/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
index 4ec5643..0f88075 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
@@ -343,6 +343,12 @@
             DN parent=evalCtx.getClientDN().getParent();
             if((parent != null) && !parent.equals(urlDN))
                 return EnumEvalResult.FALSE;
+        } else if(scope == SearchScope.SUBORDINATE_SUBTREE) {
+            DN userDN = evalCtx.getClientDN();
+            if ((userDN.getNumComponents() <= urlDN.getNumComponents()) ||
+                 !userDN.isDescendantOf(urlDN)) {
+              return EnumEvalResult.FALSE;
+            }
         } else {
             if(!evalCtx.getClientDN().equals(urlDN))
                 return EnumEvalResult.FALSE;

--
Gitblit v1.10.0