
Re: access control and Search



At 12:09 PM 12/7/99 +0100, bert hubert wrote:
>On Tue, Dec 07, 1999 at 06:01:03PM +0800, Benjamin de los Angeles Jr . wrote:
>
>> My questions are:
>> 
>> 1. Why is it that I'm not granted access even though the access 
>>    for * is "search"?  What are the limitations of "search" access?
>> 2. Why is it the return code is 0?  Why not 50 (0x32)?  which tells
>>    that my access right is insufficient. 
>> 3. Is there something wrong with my search query?
>
>AFAIK, 'search' means that you can *find* a record,
>so that you can bind to it.

'search' means you can apply a 'search' filter to it, 'read'
says search can return it to the client.

For example:
	access to attr=givenName
		by * search

means that you can execute '(givenName=foo)' but that the
givenName attribute will not be returned as you don't have read
access.

Search has NOTHING to do with bind.  In OpenLDAP 1.x, no access
controls affect bind.
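
The search/read distinction described in the message above, as an added example that is not part of the original message and is not slapd code. It is a simplified Python model that covers only per-attribute levels for "*" and ignores entry-level and DN-based rules; the function names, the sample entries and the default of "none" for unlisted attributes are assumptions.

```python
# Simplified model (added example, not slapd code) of per-attribute access
# levels during a search. Level names follow slapd.conf; entries are constructed.
LEVELS = ["none", "compare", "search", "read", "write"]
LDAP_SUCCESS = 0

def allowed(acl, attr, needed):
    """True if the level granted to '*' for attr is at least `needed`."""
    granted = acl.get(attr, "none")  # assumption: unlisted attributes get no access
    return LEVELS.index(granted) >= LEVELS.index(needed)

def search(entries, acl, attr, value):
    """Evaluate the equality filter (attr=value) and return (code, results)."""
    results = []
    for entry in entries:
        # 'search' access is needed for the filter to be applied to attr.
        if not allowed(acl, attr, "search"):
            continue  # the filter cannot match; no error code is produced
        if value not in entry.get(attr, []):
            continue
        # 'read' access is needed for each attribute sent back to the client.
        visible = {a: v for a, v in entry.items()
                   if a == "dn" or allowed(acl, a, "read")}
        results.append(visible)
    return LDAP_SUCCESS, results

# Constructed sample directory.
ENTRIES = [
    {"dn": "cn=Foo Bar,o=Example", "givenName": ["foo"], "cn": ["Foo Bar"]},
    {"dn": "cn=Baz Qux,o=Example", "givenName": ["baz"], "cn": ["Baz Qux"]},
]

if __name__ == "__main__":
    # Same filter, three different levels on givenName.
    for level in ("compare", "search", "read"):
        acl = {"givenName": level, "cn": "read"}
        print(level, search(ENTRIES, acl, "givenName", "foo"))
```

In this model the result code is 0 at all three levels, the code reported in the quoted question: below "search" nothing matches, at "search" the entry comes back without givenName, and at "read" givenName is included.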