freeipa

IntenseWebs/freeipa

Fork 0

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-01 11:47:11 -06:00

Commit Graph

Author	SHA1	Message	Date
Rob Crittenden	eca7cdc94a	Raise more specific error when an Objectclass Violation occurs Fix the virtual plugin to work with the new backend	2009-09-14 09:46:39 -04:00
Rob Crittenden	e31d5fb1cf	Implement support for non-LDAP-based actions that use the LDAP ACI subsystem. There are some operations, like those for the certificate system, that don't need to write to the directory server. So instead we have an entry that we test against to determine whether the operation is allowed or not. This is done by attempting a write on the entry. If it would succeed then permission is granted. If not then denied. The write we attempt is actually invalid so the write itself will fail but the attempt will fail first if access is not permitted, so we can distinguish between the two without polluting the entry.	2009-07-10 16:41:05 -04:00

Author

SHA1

Message

Date

Rob Crittenden

eca7cdc94a

Raise more specific error when an Objectclass Violation occurs Fix the virtual plugin to work with the new backend

2009-09-14 09:46:39 -04:00

Rob Crittenden

e31d5fb1cf

Implement support for non-LDAP-based actions that use the LDAP ACI subsystem.

There are some operations, like those for the certificate system, that
don't need to write to the directory server. So instead we have an entry
that we test against to determine whether the operation is allowed or not.

This is done by attempting a write on the entry. If it would succeed then
permission is granted. If not then denied. The write we attempt is actually
invalid so the write itself will fail but the attempt will fail first if
access is not permitted, so we can distinguish between the two without
polluting the entry.

2009-07-10 16:41:05 -04:00

2 Commits