diff --git a/ldap-server/CHANGELOG b/ldap-server/CHANGELOG index 952b872f3..3653f442d 100644 --- a/ldap-server/CHANGELOG +++ b/ldap-server/CHANGELOG @@ -7,3 +7,5 @@ The protocols served by the LDAP server, such as SSL and non-encrypted, can now Fixed a bug that prevented browsing of the LDAP database in SSL mode, thanks to Paul R. Ganci. ---- Changes since 1.470 ---- Updated the module to support the new OpenLDAP LDIF-format configuration files, as seen on Ubuntu 8.10. +---- Changes since 1.510 ---- +Fixed numerous bugs in editing the new LDIF-format access control rules. diff --git a/ldap-server/acl_form.cgi b/ldap-server/acl_form.cgi index 3fb066e4c..d7c864866 100755 --- a/ldap-server/acl_form.cgi +++ b/ldap-server/acl_form.cgi @@ -41,10 +41,14 @@ if ($p->{'what'} =~ /^dn(\.([^=]+))?="(.*)"$/i || $p->{'what'} =~ /^dn(\.([^=]+))?=(.*)$/i) { $dn = $3; $style = $2; + if ($dn eq "") { + $what = 2; + } } print &ui_table_row($text{'eacl_what'}, &ui_radio_table("what", $what, [ [ 1, $text{'eacl_what1'} ], + [ 2, $text{'eacl_what2'} ], [ 0, $text{'eacl_what0'}, &ui_textbox("what_dn", $dn, 30)." ". $text{'eacl_mtype'}." ". @@ -97,7 +101,6 @@ foreach $b (@{$p->{'by'}}, { }, { }, { }) { &ui_textbox("control_$i", join(" ", @{$b->{'control'}}), 30, 0, undef, "style='width:90%'"), ], \@tds); - # XXX http://www.openldap.org/faq/data/cache/452.html $i++; } $wtable .= &ui_columns_end(); diff --git a/ldap-server/acl_save.cgi b/ldap-server/acl_save.cgi index b45e71234..5285f72de 100755 --- a/ldap-server/acl_save.cgi +++ b/ldap-server/acl_save.cgi 
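Review bot: The new radio option 2 in acl_form.cgi has no match-type control of its own. In this hunk the `eacl_mtype` selector sits inside option 0's row, yet the matching change in acl_save.cgi builds the empty-DN rule from `what_style`. A user who picks "Objects with no DN" therefore saves whatever style is left in the other row's selector, which is easy to overlook when auditing an access rule. Either give option 2 its own selector or add a comment at `$what = 2;` such as `# dn="" is its own option; the style still comes from the what_style field`. The radio table continues past the end of the hunk, so the selector's field name is inferred from the save script.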
@@ -9,12 +9,24 @@ $access{'acl'} || &error($text{'acl_ecannot'}); # Get the current rule &lock_slapd_files(); -$conf = &get_config(); -@access = &find("access", $conf); +if (&get_config_type() == 1) { + $conf = &get_config(); + @access = &find("access", $conf); + } +else { + $defdb = &get_default_db(); + $conf = &get_ldif_config(); + @access = &find_ldif("olcAccess", $conf, $defdb); + } + +# Get the ACL object if (!$in{'new'}) { $acl = $access[$in{'idx'}]; $p = &parse_ldap_access($acl); } +else { + $p = { }; + } if ($in{'delete'}) { # Just take out of access list @@ -25,6 +37,11 @@ else { if ($in{'what'} == 1) { $p->{'what'} = '*'; } + elsif ($in{'what'} == 2) { + $p->{'what'} = + 'dn'.($in{'what_style'} ? '.'.$in{'what_style'} : ''). + '=""'; + } else { $in{'what_dn'} =~ /^\S+=\S.*$/ || &error($text{'eacl_edn'}); $p->{'what'} = @@ -83,8 +100,13 @@ else { } # Write out access directives -&save_directive($conf, "access", @access); -&flush_file_lines($config{'config_file'}); +if (&get_config_type() == 1) { + &save_directive($conf, "access", @access); + } +else { + &save_ldif_directive($conf, "olcAccess", $defdb, @access); + } +&flush_file_lines(); &unlock_slapd_files(); # Log and return diff --git a/ldap-server/lang/en b/ldap-server/lang/en index 28fc22857..de52938d2 100644 --- a/ldap-server/lang/en +++ b/ldap-server/lang/en @@ -298,6 +298,7 @@ eacl_title2=Edit Access Control Rule eacl_header=LDAP database access control rule details eacl_what=Objects being granted eacl_what1=All objects +eacl_what2=Objects with no DN eacl_what0=Object with DN eacl_mtype=match type eacl_regex=regular expression diff --git a/ldap-server/ldap-server-lib.pl b/ldap-server/ldap-server-lib.pl index 5a6943ccf..c2b7a2842 100755 --- a/ldap-server/ldap-server-lib.pl +++ b/ldap-server/ldap-server-lib.pl 
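Review bot: In the first acl_save.cgi hunk, `$defdb` goes straight into `find_ldif("olcAccess", $conf, $defdb)` with no check that `get_default_db()` returned a database. If it can return nothing (its body is not visible here), `@access` would be empty or taken from the wrong entry, and the later `save_ldif_directive` call would write rules against an undefined target. A guard right after the assignment, `$defdb || &error(...)` with a suitable message, would stop the request before any rule is parsed or rewritten. In the same block, `$in{'idx'}` still indexes `@access` unchecked, so an out-of-range value hands `parse_ldap_access` an undefined rule.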
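Review bot: In the second acl_save.cgi hunk, `$in{'what_style'}` is concatenated into the `what` clause of the access rule without validation. It is a request parameter, so whitespace, a quote or a newline in it would end up verbatim in the server's access-control configuration and could change what the rule means. Check it before use, for example `$in{'what_style'} =~ /^[A-Za-z]*$/ || &error(...)`, or compare it against the fixed list of styles the form offers. The DN branch that follows continues outside the hunk and probably needs the same check if it uses the same parameter.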
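Review bot: In the last acl_save.cgi hunk, the switch from `&flush_file_lines($config{'config_file'})` to a bare `&flush_file_lines()` is not explained. With no argument, every file cached during this request is written, not only the ACL file. A comment such as `# No file argument: the LDIF config may span several files, so flush everything cached` would record the intent. `&get_config_type()` is also evaluated a second time here; storing the result of the first call in a variable would guarantee that the read and the write use the same backend.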
@@ -269,7 +269,7 @@ foreach my $file (&recursive_find_ldif($config{'config_file'})) { $dir->{'value'} = $value; push(@rv, $dir); } - elsif (/^(\s+\S.*)$/ && @rv) { + elsif (/^(\s+\S.*)$/ && @rv && $rv[$#rv]->{'file'} eq $file) { # Continuation line local $dir = $rv[$#rv]; $dir->{'value'} .= $1; @@ -453,6 +453,7 @@ for(my $i=0; $i<@old || $i<@values; $i++) { foreach my $c (@$conf) { if ($c->{'line'} > $old[$i]->{'line'}) { $c->{'line'} -= $oldlen - 1; + $c->{'eline'} -= $oldlen - 1; } } } @@ -465,6 +466,7 @@ for(my $i=0; $i<@old || $i<@values; $i++) { foreach my $c (@$conf) { if ($c->{'line'} > $old[$i]->{'line'}) { $c->{'line'} -= $oldlen; + $c->{'eline'} -= $oldlen; } } }
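Review bot: In the first ldap-server-lib.pl hunk, the continuation branch still appends `$1`, which includes the line's leading whitespace, to the directive value. LDIF folding inserts a line break plus exactly one space, and unfolding must remove that space, so a value folded mid-token gains a stray space. Unless later code strips it, an `olcAccess` rule read this way and written back could differ from the one on disk. Dropping the fold character, for example `$dir->{'value'} .= substr($1, 1);`, keeps the value intact. The new same-file check is sound; the enclosing loop starts and ends outside the hunk.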
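Review bot: In the second and third ldap-server-lib.pl hunks, the renumbering loop now adjusts `eline` as well as `line`, but it still runs over every entry in `@$conf` without comparing files. The first hunk shows that parsed entries carry a `file` key and come from several LDIF files, so an entry in another file with a larger line number would be shifted too. If this function serves the LDIF configuration (its header is outside the hunk), limit the adjustment to the same file: `if ($c->{'file'} eq $old[$i]->{'file'} && $c->{'line'} > $old[$i]->{'line'})`. Wrong offsets here mean a later save in the same request could overwrite the wrong lines of an access rule.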