sgc_ents = (struct mod_auth_ldap_groupattr_entry_t *) subgroupclasses->elts;
- /* XXX: attrs should not be required, they're just a secondary filtering */
if (!subgroupAttrs) {
return res;
}
}
/* try to do the search */
- /* XXX: this filter should include the subgroup object classes! */
result = ldap_search_ext_s(ldc->ldap, (char *)dn, LDAP_SCOPE_BASE,
(char *)"cn=*", subgroupAttrs, 0,
NULL, NULL, NULL, APR_LDAP_SIZELIMIT, &sga_res);
*/
while (values[val_index]) {
/* Check if this entry really is a group. */
-
- /* XXX: This has to be wrong, we're iterating over subgroup attributes,
- * but checking the objectClass of the subgroup. This could have been a filter.
- */
-
tmp_sgcIndex = 0;
result = LDAP_COMPARE_FALSE;
while ((tmp_sgcIndex < subgroupclasses->nelts)
&& (result != LDAP_COMPARE_TRUE)) {
result = uldap_cache_compare(r, ldc, url,
- values[val_index], /* candidate subgroup DN */
+ values[val_index],
"objectClass",
sgc_ents[tmp_sgcIndex].name
);
}
}
/* It's a group, so add it to the array. */
-
- /* XXX: Hold on -- we never actually checked that the subgroup DN had any "subgroupattrs" in it.
- * Maybe it's never actually been useful, IOW that objectClass is enough.
- */
-
if (result == LDAP_COMPARE_TRUE) {
char **newgrp = (char **) apr_array_push(subgroups);
*newgrp = apr_pstrdup(r->pool, values[val_index]);
projects / thirdparty / apache / httpd.git / commitdiff
