RHDS - Which ACI to allow Search Right if the filter contains a non-existing attribute?
Issue
The customer has an application that issues LDAP queries whose filters may contain attributes that do not exist in the RHDS schema.
For instance:
# ldapsearch -D "uid=searchUser,dc=example,dc=com" -W -b "cn=users,dc=example,dc=com" \
"(&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101080000Z))(uid=*))"
The search request does not return any entries.
"uSNChanged" is an Active Directory attribute:
When "uSNChanged" is removed from the search filter, the expected entries are returned:
# ldapsearch -D "uid=searchUser,dc=example,dc=com" -W -b "cn=users,dc=example,dc=com" \
"(&(objectclass=person)(|(modifyTimestamp>=19700101080000Z))(uid=*))"
...
# numResponses: 42
# numEntries: 41
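To find out which attributes in an application's filter are unknown to the directory schema, the following added example (not part of the original article or of RHDS) extracts the attribute names from an RFC 4515 filter and reports those missing from a list of attributeTypes definitions. The function names and the three embedded schema definitions are constructed for illustration; on a live server the definitions would be the attributeTypes values of the cn=schema entry.

```python
import re

# Constructed sample of attributeTypes values (abbreviated definitions).
SAMPLE_SCHEMA = [
    "( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch )",
    "( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch )",
    "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY caseIgnoreMatch )",
]
# Filter taken from the failing search in the article.
ISSUE_FILTER = "(&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101080000Z))(uid=*))"

# Attribute description (name or OID, optional ;options) followed by an operator.
_ITEM = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*(?:[~<>]?=|:)")
_NAME = re.compile(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))")
_OID = re.compile(r"\(\s*(\d+(?:\.\d+)+)")

def filter_attributes(ldap_filter):
    """Return the attribute names used in a filter, options stripped, in order."""
    seen, names = set(), []
    for m in _ITEM.finditer(ldap_filter):
        name = m.group(1)
        if name.lower() not in seen:
            seen.add(name.lower())
            names.append(name)
    return names

def schema_names(definitions):
    """Collect OIDs, names and aliases from attributeTypes definitions, lowercased."""
    known = set()
    for d in definitions:
        oid = _OID.match(d)
        if oid:
            known.add(oid.group(1))
        m = _NAME.search(d)
        if m:
            raw = m.group(1) or m.group(2)
            known.update(n.lower() for n in re.findall(r"[A-Za-z][A-Za-z0-9-]*", raw))
    return known

def unknown_attributes(ldap_filter, definitions):
    """Filter attributes that no schema definition names (case-insensitive)."""
    known = schema_names(definitions)
    return [a for a in filter_attributes(ldap_filter) if a.lower() not in known]

if __name__ == "__main__":
    print(unknown_attributes(ISSUE_FILTER, SAMPLE_SCHEMA))
```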
Environment
Red Hat Directory Server 9
Red Hat Directory Server 10
Red Hat Enterprise Linux 6.x
Red Hat Enterprise Linux 7.x