On 02/16/2015 04:20 AM, Yoann Gini wrote:
Just for information, I’ve found the mechanism in OpenLDAP allowing integrators to do
stupid things: overlays.
Apple has created a customer overlay for their own services and has recently added
hardcoded value for specific request with specific attributes.
I didn’t know that overlay was able to have deep control like that over LDAP request.
I can’t thanks you for this end since no one has ever mentioned that OpenLDAP has
official hooking API on LDAP request but here is the solution for my problem and now I
know how to fix it by my own, without waiting for a fix from Apple, just patching slapd,
changing a condition in odusers_search function.
Excellent Yoann! Thank you for passing that information back. It could
help future users of the Apple version of OpenLDAP.