[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Q: meaning of ACL "disclose" access

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, openldap-technical@openldap.org
Subject: Re: Q: meaning of ACL "disclose" access
From: Howard Chu <hyc@symas.com>
Date: Mon, 26 Nov 2018 17:16:14 +0000
In-reply-to: <5BF51EEF020000A10002E2FB@gwsmtp1.uni-regensburg.de>
References: <5BF51EEF020000A10002E2FB@gwsmtp1.uni-regensburg.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0 SeaMonkey/2.53

Ulrich Windl wrote:
> Hi!
> 
> The manual page slapd.access explains: "The disclose access level allows disclosure of information on error."
> 
> I don't quite understand what this is saying: Can the requester find out a specific object or attribute exists without actually reading its value?

Basically, yes. If you attempt an operation on an entry that doesn't have Disclose access,
you'll get a NO_SUCH_OBJECT error instead of whatever other error code might have applied.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Q: meaning of ACL "disclose" access
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Re: fast delete a lot of entries
Next by Date: Re: fast delete a lot of entries
Index(es):
- Chronological
- Thread