[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Dereference Control

Pierangelo Masarati wrote:
I have another issue in mind: given the above specification, if the same
derefAttr appears in more than one DerefSpec, one could hardly tell
which DerefSpec one DerefRes belongs to.  For example:

	request: { { member { cn, sn } }, { member { uid } } }
	response: { { member, "cn=ando" }, { member, "cn=ando" } }

because the client's identity had read access to entryDN but not to cn,
sn, uid attrs, we'd have a duplicate result.  Of course, this could have
been much better formulated as

	request: { { member { cn, sn, uid } } }
	response: { { member, "cn=ando" } }

for this reason I'm inclined towards requesting that each derefAttr in a
sequence of DerefSpec to be unique.

Yes, that should be a requirement.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/