22 Oct
2008
22 Oct
'08
12:25 p.m.
Pierangelo Masarati wrote:
I have another issue in mind: given the above specification, if the same derefAttr appears in more than one DerefSpec, one could hardly tell which DerefSpec one DerefRes belongs to. For example:
request: { { member { cn, sn } }, { member { uid } } } response: { { member, "cn=ando" }, { member, "cn=ando" } }
because the client's identity had read access to entryDN but not to cn, sn, uid attrs, we'd have a duplicate result. Of course, this could have been much better formulated as
request: { { member { cn, sn, uid } } } response: { { member, "cn=ando" } }
for this reason I'm inclined towards requesting that each derefAttr in a sequence of DerefSpec to be unique.
Yes, that should be a requirement.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/