Re: Read access vs. Search access
Marcin Radecki wrote:
> Hi all,
> In LDAP we have some access rights to grant,
> (none|compare|search|read|write). I can't think out
> how the 'search' access works. For example:
> If I can 'search' (but can't read) what can I do
> with it? Have I got message: ok, this entry
> is in subtree? But what next?
> I have not tested it, I'm only trying to get the point.
You got it: you are able to search for a specific
value in an attribute but have no read ability; as a result
you can simply assess whether a value you already know
is there, but you cannot list all the available values.
Example: you may check whether you're a member of a group
or not, by searching for "member=<your dn>", but you
cannot list all the members unless you know their DNs.
Dr. Pierangelo Masarati mailto:firstname.lastname@example.org
Developer, SysNet s.n.c. http://www.sys-net.it
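
The behaviour described in the reply above, as an added example that is not part of the original message and is not OpenLDAP code: a simplified Python model of per-attribute access levels in which an equality filter is evaluated with 'search' access but values are returned only with 'read'. The function names, the sample directory and the assumption that the requester may see the DN of a matching entry are all constructed for illustration.

```python
# Simplified model of LDAP per-attribute access levels (illustration only).
# Levels as listed in the question; each level implies the ones before it.
LEVELS = ["none", "compare", "search", "read", "write"]

def allows(granted, needed):
    """True if the granted level is at least the needed level."""
    return LEVELS.index(granted) >= LEVELS.index(needed)

def search(entries, acl, attr, value, want):
    """Equality search (attr=value) requesting the attributes in `want`.

    acl maps attribute name -> access level granted to the requester.
    Assumption: the requester may see the DN of any entry that matches.
    """
    results = []
    for dn, attrs in entries.items():
        # The filter can only match when the requester holds 'search'
        # (or better) on the attribute it names.
        if not allows(acl.get(attr, "none"), "search"):
            continue
        if value not in attrs.get(attr, []):
            continue
        # Values come back only for attributes with 'read' or better.
        visible = {a: attrs[a] for a in want
                   if a in attrs and allows(acl.get(a, "none"), "read")}
        results.append((dn, visible))
    return results

# Constructed sample directory.
ALICE = "uid=alice,ou=people,dc=example,dc=com"
DIRECTORY = {
    "cn=admins,ou=groups,dc=example,dc=com": {
        "cn": ["admins"],
        "member": [ALICE, "uid=bob,ou=people,dc=example,dc=com"],
    },
    "cn=staff,ou=groups,dc=example,dc=com": {
        "cn": ["staff"],
        "member": ["uid=carol,ou=people,dc=example,dc=com"],
    },
}

if __name__ == "__main__":
    # Same query under three different levels on 'member'.
    for level in ("compare", "search", "read"):
        acl = {"cn": "read", "member": level}
        print(level, search(DIRECTORY, acl, "member", ALICE, ["cn", "member"]))
```

With 'search' on member, the requester learns that the admins group matches but receives no member values; only 'read' returns the full member list.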