Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Issue 5989 - RFE support of inChain Matching Rule
Bug description: Computation of membership (like 'memberof') is a common issue. The issue is more expensive to solve when there are nested membership. For example "gives me all the groups this entry belongs to" or "gives me all subordinates having this manager". Either the LDAP client computes the values or dedicated plugin (like 'memberof') maintains direct membership attribute for the LDAP client. InChain Matching Rule allow a LDAP client to request the server to compute this membership. Fix description: The implementation is designed https://www.port389.org/docs/389ds/design/matching-rule-in-chain.html A specific fix in aclanom.c because inChain MR adds a acl DENY on 'cn=config'. There was a bug that cleared anonymous aci if the it existed a DENY acl anywhere (except a specific list of entries like 'cn=monitor'). It triggered a failure on chaining backend suite relates: 389ds#5989 Reviewed by: William Brown, Mark Reynolds, Pierre Rogier, Simon Pichugin (Thanks !)
- Loading branch information
