--On Tuesday, September 10, 2019 10:52 AM +0200 Manuela Mandache manuela3mandache@gmail.com wrote:
> E.g.:
> - there are three branches in the directory, ou=people,dc=example,dc=com,
>   ou=dogs,dc=... and ou=carpets,...;
> - a user has read rights on ou=dogs and none on the two other branches;
> - this user makes a search with -b dc=example,dc=com and no filter.
>
> As far as I understand, the whole content is recovered, then the people and the carpets are dropped and only the dogs are returned. I expected the request to be parsed against the ACLs before performing the actual search in the directory, and so this search to be done only on ou=dogs.

Potential targets are gathered, and ACLs applied to those results for exclusion.
---Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
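
The evaluation order described in the reply above, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model in which candidates are gathered from the search base first and ACLs are then applied per entry for exclusion. The entries below the three branches, the user DN `uid=reader,dc=example,dc=com` and the ACL table are constructed assumptions.

```python
# Simplified model of the evaluation order described above; not slapd code.
# The entries, the user DN and the ACL table are constructed for illustration.

DIT = [
    "dc=example,dc=com",
    "ou=people,dc=example,dc=com",
    "uid=alice,ou=people,dc=example,dc=com",
    "ou=dogs,dc=example,dc=com",
    "cn=rex,ou=dogs,dc=example,dc=com",
    "cn=fido,ou=dogs,dc=example,dc=com",
    "ou=carpets,dc=example,dc=com",
    "cn=kilim,ou=carpets,dc=example,dc=com",
]

# Hypothetical ACL table: (subtree, who, may_read). First matching rule wins.
ACLS = [
    ("ou=dogs,dc=example,dc=com", "uid=reader,dc=example,dc=com", True),
    ("dc=example,dc=com", "*", False),
]

def in_subtree(dn, base):
    """True when dn is base itself or lies below it (case-insensitive)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def may_read(who, dn):
    """Evaluate the ACL table top-down for one entry."""
    for subtree, subject, allowed in ACLS:
        if in_subtree(dn, subtree) and subject in ("*", who):
            return allowed
    return False  # implicit deny when no rule matches

def search(who, base):
    """Gather every candidate under base, then exclude by ACL per entry."""
    candidates = [dn for dn in DIT if in_subtree(dn, base)]
    returned = [dn for dn in candidates if may_read(who, dn)]
    return returned, len(candidates)

if __name__ == "__main__":
    user = "uid=reader,dc=example,dc=com"
    for base in ("dc=example,dc=com", "ou=dogs,dc=example,dc=com"):
        returned, examined = search(user, base)
        print(f"base={base}: examined {examined}, returned {len(returned)}")
```

In this model both search bases return the same three entries, but the narrower base gathers three candidates instead of eight, so a client that knows which branch it can read should set its search base there.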