Q: meaning of ACL "disclose" access - openldap-technical - openldap.org

List overview All Threads
Download

Q: meaning of ACL "disclose" access

SSL_library_init in -lssl... no,...

N-Way MMR between local LDAP and...

Ulrich Windl

21 Nov 2018 21 Nov '18

1:01 a.m.

Hi!

The manual page slapd.access explains: "The disclose access level allows disclosure of information on error."

I don't quite understand what this is saying: Can the requester find out a specific object or attribute exists without actually reading its value?

Regards, Ulrich

Reply

Show replies by date

Howard Chu

26 Nov 26 Nov

9:16 a.m.

Ulrich Windl wrote:

Hi!

The manual page slapd.access explains: "The disclose access level allows disclosure of information on error."

I don't quite understand what this is saying: Can the requester find out a specific object or attribute exists without actually reading its value?

Basically, yes. If you attempt an operation on an entry that doesn't have Disclose access, you'll get a NO_SUCH_OBJECT error instead of whatever other error code might have applied.

-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Reply

2188

Age (days ago)

2193

Last active (days ago)

openldap-technical@openldap.org

1 comments

2 participants

tags (0)

participants (2)

Howard Chu
Ulrich Windl