--On Tuesday, September 10, 2019 10:52 AM +0200 Manuela Mandache <[email protected]> wrote:
> E.g.:
> - there are three branches in the directory, ou=people,dc=example,dc=com, ou=dogs,dc=... and ou=carpets,...;
> - a user has read rights on ou=dogs and none on the two other branches;
> - this user makes a search with -b dc=example,dc=com and no filter.
>
> As far as I understand, the whole content is recovered, then the people and the carpets are dropped and only the dogs are returned. I expected the request to be parsed against the ACLs before performing the actual search in the directory, and so this search to be done only on ou=dogs.

Potential targets are gathered, and ACLs applied to those results for exclusion.

--Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
