[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: attribute search help

"Pitts, David S" <dsp6855@qx.net> writes:

> access to * filter="(Security=PRIVATE)"
>  by users read
> access to * filter="(Security=PUBLIC)"
>  by * read
> of course, this won't work if the client does not request the "security" 
> attribute.  The question becomes (assuming everything I have said above is 
> true), "How do I force the attribute "security" to be returned (and, thus, 
> filtered upon) every time the server is accessed?


Does not work like that?  It should. I think your understanding of
access control in slapd is wrong, I don't think this case is
influenced by what filter was used in the search.

Slapd retrieves the complete entry from disk or cache and has it at
hand as a whole while evaluating the access control lists to decide
what data, if any, to return to the client.

I'd be surprised if it the filter used in the search would make any