From: pierangelo.masarati@polimi.it
To: openldap-bugs@openldap.org
Subject: Re: (ITS#7673)
Date: Wed, 04 Sep 2013 20:47:04 +0000
Message-ID: <201309042047.r84Kl4Rq043414@boole.openldap.org>

On 09/04/2013 10:22 PM, Russell.Mosemann(a)cune.edu wrote:
> The lookup succeeds, and the returned entry is run through the searchEntryDN
> context. It appears that somewhere in or around there all of the attributes
> are removed except for the requested attributes. That means the ACL filter
> will fail, if the filter attributes are not requested in the query. If the
> requested attributes include the filter attributes, the query succeeds, but
> the result only returns the dn without any other attributes.
>
> If no attributes are requested, all allowed attributes are returned.
>
> The man page indicates that searchEntryDN should not be applied, because it
> is not defined, and there is no default.

Try rwm-drop-unrequested-attrs no (slapo-rwm(5)).

p.
-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano