[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re: (ITS#7673)

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7673)
From: pierangelo.masarati@polimi.it
Date: Wed, 4 Sep 2013 20:47:04 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)
On 09/04/2013 10:22 PM, Russell.Mosemann@cune.edu wrote:
> --_000_B01302EA11DF7D40B2AD9CBEC71B02562C4A3ED5exchange2cunepr_
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> The lookup succeeds, and the returned entry is run through the searchEntryD=
> N context. It appears that somewhere in or around there all of the attribut=
> es are removed except for the requested attributes. That means the ACL filt=
> er will fail, if the filter attributes are not requested in the query. If t=
> he requested attributes include the filter attributes, the query succeeds, =
> but the result only returns the dn without any other attributes.
>
> If no attributes are requested, all allowed attributes are returned.
>
> The man page indicates that searchEntryDN should not be applied, because it=
>   is not defined, and there is no default.

Try rwm-drop-unrequested-attrs no (slapo-rwm(5)).

p.

>
>
> --_000_B01302EA11DF7D40B2AD9CBEC71B02562C4A3ED5exchange2cunepr_
> Content-Type: text/html; charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
> osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
> xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; xmlns=3D"http:=
> //www.w3.org/TR/REC-html40">
> <head>
> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>>
> <meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
> <style><!--
> /* Font Definitions */
> @font-face
> 	{font-family:"Cambria Math";
> 	panose-1:2 4 5 3 5 4 6 3 2 4;}
> @font-face
> 	{font-family:Calibri;
> 	panose-1:2 15 5 2 2 2 4 3 2 4;}
> /* Style Definitions */
> p.MsoNormal, li.MsoNormal, div.MsoNormal
> 	{margin:0in;
> 	margin-bottom:.0001pt;
> 	font-size:11.0pt;
> 	font-family:"Calibri","sans-serif";}
> a:link, span.MsoHyperlink
> 	{mso-style-priority:99;
> 	color:blue;
> 	text-decoration:underline;}
> a:visited, span.MsoHyperlinkFollowed
> 	{mso-style-priority:99;
> 	color:purple;
> 	text-decoration:underline;}
> span.EmailStyle17
> 	{mso-style-type:personal-compose;
> 	font-family:"Times New Roman","serif";
> 	color:windowtext;}
> .MsoChpDefault
> 	{mso-style-type:export-only;
> 	font-family:"Calibri","sans-serif";}
> @page WordSection1
> 	{size:8.5in 11.0in;
> 	margin:1.0in 1.0in 1.0in 1.0in;}
> div.WordSection1
> 	{page:WordSection1;}
> --></style><!--[if gte mso 9]><xml>
> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
> </xml><![endif]--><!--[if gte mso 9]><xml>
> <o:shapelayout v:ext=3D"edit">
> <o:idmap v:ext=3D"edit" data=3D"1" />
> </o:shapelayout></xml><![endif]-->
> </head>
> <body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
> <div class=3D"WordSection1">
> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:&quot;Ti=
> mes New Roman&quot;,&quot;serif&quot;">The lookup succeeds, and the returne=
> d entry is run through the searchEntryDN context. It appears that somewhere=
>   in or around there all of the attributes are removed except
>   for the requested attributes. That means the ACL filter will fail, if the =
> filter attributes are not requested in the query. If the requested attribut=
> es include the filter attributes, the query succeeds, but the result only r=
> eturns the dn without any other
>   attributes.<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:&quot;Ti=
> mes New Roman&quot;,&quot;serif&quot;"><o:p>&nbsp;</o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:&quot;Ti=
> mes New Roman&quot;,&quot;serif&quot;">If no attributes are requested, all =
> allowed attributes are returned.<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:&quot;Ti=
> mes New Roman&quot;,&quot;serif&quot;"><o:p>&nbsp;</o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:&quot;Ti=
> mes New Roman&quot;,&quot;serif&quot;">The man page indicates that searchEn=
> tryDN should not be applied, because it is not defined, and there is no def=
> ault.<o:p></o:p></span></p>
> <p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;font-family:&quot;Ti=
> mes New Roman&quot;,&quot;serif&quot;"><o:p>&nbsp;</o:p></span></p>
> </div>
> </body>
> </html>
>
> --_000_B01302EA11DF7D40B2AD9CBEC71B02562C4A3ED5exchange2cunepr_--
>
>
>
>
>


-- 
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano
Prev by Date: (ITS#7673)
Next by Date: RE: (ITS#7673)
Index(es):
- Chronological
- Thread