
Re: Read access vs. Search access

Marcin Radecki wrote:
> Hi all,
> In LDAP we have some access rights to grant,
> (none|compare|search|read|write). I can't think out
> how the 'search' access works. For example:
> If I can 'search' (but can't read) what can I do
> with it? Have I got message: ok, this entry
> is in subtree? But what next?
> I have not tested it, I'm only trying to get the point.

You got it: you may be able to search for a specific
value in an attribute but have no read ability; as a result
you can simply assess whether a value you already know
is there, but you cannot list all the available values.

Example: you may check whether you're a member of a group
or not, by searching for "member=<your dn>", but you
cannot list all the members unless you know their DNs.


Dr. Pierangelo Masarati    mailto:ando@sys-net.it
Developer, SysNet s.n.c.   http://www.sys-net.it
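
The distinction described in the reply above, as an added example that is not part of the original message or of any LDAP server's code: a simplified Python model of the access levels from the question, showing that 'search' lets a filter match a value you already know while only 'read' lets values come back. The function names, the ACL dictionary shape and the sample DNs are constructed, and entry-level access is assumed to be granted.

```python
# Simplified model of LDAP attribute access levels (added example, not server code).
# Levels are ordered as in the question: none < compare < search < read < write.
LEVELS = ["none", "compare", "search", "read", "write"]

def allowed(granted, needed):
    """True if the granted level is at least the needed one."""
    return LEVELS.index(granted) >= LEVELS.index(needed)

def search(entries, acl, attr, value, want):
    """Equality search (attr=value); returns {dn: {attr: values}} for `want`.

    acl maps attribute name -> level granted to the requester (hypothetical shape).
    The filter is evaluated only with 'search' on the filter attribute;
    values are returned only for attributes the requester can 'read'.
    """
    results = {}
    if not allowed(acl.get(attr, "none"), "search"):
        return results  # filter cannot be evaluated, so nothing matches
    for dn, attrs in entries.items():
        if value in attrs.get(attr, []):
            results[dn] = {a: list(attrs[a]) for a in want
                           if a in attrs and allowed(acl.get(a, "none"), "read")}
    return results

def compare(entries, acl, dn, attr, value):
    """Compare on one known entry: needs only 'compare' on attr."""
    if not allowed(acl.get(attr, "none"), "compare"):
        return None  # access denied
    return value in entries[dn].get(attr, [])

# Constructed sample data.
ME = "uid=alice,ou=people,dc=example,dc=com"
GROUPS = {
    "cn=admins,ou=groups,dc=example,dc=com": {
        "cn": ["admins"],
        "member": [ME, "uid=bob,ou=people,dc=example,dc=com"],
    },
    "cn=audit,ou=groups,dc=example,dc=com": {
        "cn": ["audit"],
        "member": ["uid=carol,ou=people,dc=example,dc=com"],
    },
}

if __name__ == "__main__":
    acl = {"cn": "read", "member": "search"}  # search but not read on member
    # Matches the admins group, returns its cn, withholds the member values.
    print(search(GROUPS, acl, "member", ME, ["cn", "member"]))
```

When reviewing ACLs, treat 'search' on an attribute as a yes/no oracle for any value the requester can guess, and grant it only where confirming a known value is acceptable.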