[Date Prev][Date Next]
Re: access control and Search
At 12:09 PM 12/7/99 +0100, bert hubert wrote:
>On Tue, Dec 07, 1999 at 06:01:03PM +0800, Benjamin de los Angeles Jr . wrote:
>> My questions are:
>> 1. Why is it that I'm not granted access even though the access
>> for * is "search"? What are the limitations of "search" access?
>> 2. Why is it the return code is 0? Why not 50 (0x32)? which tells
>> that my access right is insufficient.
>> 3. Is there something wrong with my search query?
>AFAIK, 'search' means that you can *find* a record,
>so that you can bind to it.
'search' means you can apply a 'search' filter to it, 'read'
says search can return it to the client.
by * search
means that you can execute '(givenName=foo)' but that the
givenName attribute will not be returned as you don't have read
Search has NOTHING to do with bind. In OpenLDAP 1.x, no access
controls affect bind.