[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: search request not blocked by ACLs

--On Tuesday, September 10, 2019 10:52 AM +0200 Manuela Mandache <manuela3mandache@gmail.com> wrote:

- there are three branches in the directory, ou=people,dc=example,dc=com,
ou=dogs,dc=... and ou=carpets,...;
- a user has read rights on ou=dogs and none on the two other branches;
- this user makes a search with -b dc=example,dc=com and no filter.
As far as I understand, the whole content is recovered, then the people
and the carpets are dropped and only the dogs are returned.
I expected the request to be parsed against the ACLs before performing
the actual search in the directory, and so this search to be done only on

Potential targets are gathered, and ACLs applied to those results for exclusion.



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: