RHDS - Which ACI to allow Search Right if the filter contains non-existing attribute?
Issue
Customer has an application doing LDAP queries with filters which may contain attributes that don't exist in the RHDS schema.
For instance:
# ldapsearch -D "uid=searchUser,dc=example,dc=com" -W -b "cn=users,dc=example,dc=com" \
"(&(objectclass=person)(|(uSNChanged>=0)(modifyTimestamp>=19700101080000Z))(uid=*))"
The search request was not returning any entry.
"uSNChanged" is an Active Directory attribute:
When "uSNChanged" is removed from the search filter, the expected entries are returned:
#ldapsearch -D "uid=searchUser,dc=example,dc=com" -W -b "cn=users,dc=example,dc=com" \
"(&(objectclass=person)(|(modifyTimestamp>=19700101080000Z))(uid=*))"
...
# numResponses: 42
# numEntries: 41
Environment
Red Hat Directory Server 9
Red Hat Directory Server 10
Red Hat Enterprise Linux 6.x
Red Hat Enterprise Linux 7.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
