https://fedorahosted.org/389/ticket/47571 https://fedorahosted.org/389/attachment/ticket/47571/0001-Ticket-47571-targetattr-ACIs-ignore-subtype.patch Description: Subtypes in targetattr, userattr in aci as well as filter and attribute list in the search are supported. * If targetattr contains subtypes, the base type only as well as other subtypes are not allowed to access (or denied to access). * If userattr contains subtypes, the base type as well as other subtypes in entries do not match the userattr value. * If attribute list in search has a base type attribute, and a targetattr has a type with subtypes, then only the subtyped value is returned. E.g., attribute list: sn targetattr: sn;en ==> sn;en: <sn-en-value> is returned but sn or sn;fr is not. If attribute list has a type with subtype, then if the targetattr allows the subtype, the value is returned. E.g., attribute list: sn;en targetattr: sn;en ==> sn;en: <sn-en-value> is returned but sn or sn;fr is not. 1) slapd/attr.c Added another compare type SLAPI_TYPE_CMP_SUBTYPES to comp_cmp which is called by slapi_attr_type_cmp to support full compare subtypes. 2) plugin/acl.c: Added a helper function acl__attr_subtype_cmp, which calls slapi_attr_type_ cmp with SLAPI_TYPE_CMP_SUBTYPES if a type in aci contains subtypes. Some slapi_attr_type_cmp takes SLAPI_TYPE_CMP_SUBTYPES instead of BASE, which was one of the causes of ignoring subtypes. 3) slapd/search.c,result.c send_all_attrs/send_specific_attrs use a dontsendattr array to control the duplicate attribute types. Replaced the logic with a simpler one by creating an charray with no duplicates. -- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
