[yast-commit] r60582 - /branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm - YaST Commits

27 Jan 2010

Author: rhafer
Date: Wed Jan 27 17:03:37 2010
New Revision: 60582

URL: http://svn.opensuse.org/viewcvs/yast?rev=60582&view=rev
Log:
Assure that syncrepl ACL is always the first ACL (bnc#574346)

Modified:
    branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm

Modified: branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm?rev=60582&r1=60581&r2=60582&view=diff
==============================================================================

--- branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm (original)
+++ branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm Wed Jan 27 17:03:37 2010
@@ -1947,6 +1947,54 @@
 {
     my ($self, $dbIndex, $acllist ) = @_;
     y2debug("ChangeDatabaseAcl: ".Data::Dumper->Dump([$acllist]) );
+
+    # Check whether this is a slave database, if yes locate the 
+    # syncrepl related ACL and move it to the top. This is to ensure
+    # that syncrepl clients have read access to everything
+    my $syncrepl = $self->ReadSyncRepl( $dbIndex );
+    if ( $syncrepl && scalar(keys %{$syncrepl}) && $syncrepl->{'binddn'} ne "" )
+    {
+        my $acllist_sorted=[];
+        my $syncacl={};
+        my $found=0;
+
+        foreach my $rule ( @{$acllist} )
+        {
+            if ( !$found && (keys %{$rule->{'target'}} == 0) )
+            {
+                # this rule matches all db entries, check if it gives
+                # read access to the syncrepl id
+                foreach my $access ( @{$rule->{'access'}} )
+                {
+                    if ( $access->{'type'} eq "dn.base" && 
+                         lc($access->{'value'}) eq lc($syncrepl->{'binddn'} ) &&
+                         ($access->{'level'} eq "read" || $access->{'level'} eq "write")
+                       )
+                    {
+                        y2milestone("Found syncrepl ACL, moving to first position");
+                        $syncacl=$rule;
+                        $found=1;
+                        last;
+                    }
+                }
+                if( $found )
+                {
+                    next;
+                }
+            }
+            push @{$acllist_sorted}, $rule;
+        }
+        if ( $found ) 
+        {
+            # push syncrepl acl on top
+            push @{$acllist_sorted}, $syncacl;
+            $acllist = [ $syncacl ];
+            push @{$acllist}, @{$acllist_sorted};
+        }
+    }
+
+
+
     my $rc = SCR->Write(".ldapserver.database.{".$dbIndex."}.acl", $acllist );
     if ( ! $rc )
     {

-- 
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org

    

[yast-commit] r60582 - /branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm

rhafer＠svn.opensuse.org

tags

participants (1)