[PATCH] do not check ACL on special DNs
Nadezhda Ivanova
nivanova at samba.org
Wed Jan 9 02:35:14 MST 2013
Hi Matt,
The acl_search in the acl module is used only to handle the
construction of the constructed attributes such as
allowedAttributesEffective.
So, since the special DNs do not have these attributes, you want to
avoid doing the search and construction?
If I am right, I think the patch is OK - only if you are sure the
special DNs do not have these attributes. Perhaps the comment should
make it clearer?
On Wed, Jan 9, 2013 at 9:36 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Tue, 2013-01-08 at 21:53 -0800, Matthieu Patou wrote:
>> Hello,
>>
>> Can I have the review for the following patch.
>
> Can I have a bit more explanation in the commit message?
>
> I understand that an @ record isn't subject to ACLs, but can you
> elaborate on:
>
> This fix frequent reindexing when using python script with a user that
> is not system
>
> Also, what exactly do you mean by the comment:
>
> /* There are no operational attributes on special DNs */
>
> Is that just copy-and-paste, or am I missing somthing?
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
>
>
More information about the samba-technical
mailing list