On 09/04/2013 10:22 PM, Russell.Mosemann@cune.edu wrote:
--_000_B01302EA11DF7D40B2AD9CBEC71B02562C4A3ED5exchange2cunepr_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
The lookup succeeds, and the returned entry is run through the searchEntryD= N context. It appears that somewhere in or around there all of the attribut= es are removed except for the requested attributes. That means the ACL filt= er will fail, if the filter attributes are not requested in the query. If t= he requested attributes include the filter attributes, the query succeeds, = but the result only returns the dn without any other attributes.
If no attributes are requested, all allowed attributes are returned.
The man page indicates that searchEntryDN should not be applied, because it= is not defined, and there is no default.
Try rwm-drop-unrequested-attrs no (slapo-rwm(5)).
p.
--_000_B01302EA11DF7D40B2AD9CBEC71B02562C4A3ED5exchange2cunepr_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"= > <meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)"> <style><!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri","sans-serif";} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Times New Roman","serif"; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri","sans-serif";} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple"> <div class=3D"WordSection1"> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ti= mes New Roman","serif"">The lookup succeeds, and the returne= d entry is run through the searchEntryDN context. It appears that somewhere= in or around there all of the attributes are removed except for the requested attributes. That means the ACL filter will fail, if the = filter attributes are not requested in the query. If the requested attribut= es include the filter attributes, the query succeeds, but the result only r= eturns the dn without any other attributes.<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ti= mes New Roman","serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ti= mes New Roman","serif"">If no attributes are requested, all = allowed attributes are returned.<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ti= mes New Roman","serif""><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ti= mes New Roman","serif"">The man page indicates that searchEn= tryDN should not be applied, because it is not defined, and there is no def= ault.<o:p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:"Ti= mes New Roman","serif""><o:p> </o:p></span></p> </div> </body> </html>
--_000_B01302EA11DF7D40B2AD9CBEC71B02562C4A3ED5exchange2cunepr_--