[Freeipa-devel] [PATCH 0133] Require 389-ds-base >= 1.3.5.6
Ludwig Krispenz
lkrispen at redhat.com
Thu Jun 16 10:12:23 UTC 2016
On 06/16/2016 12:00 PM, Petr Spacek wrote:
> Hello,
>
> Require 389-ds-base >= 1.3.5.6
>
> Old DS handles LDAP filters incorrectly
no. Old DS handles filters strictly as documented in the admin guide,
requiring access rights to each attribute used in the search filter.
This was known and applications had to adapt, in your case there would
have had to be two searches one with the (&()()) filter and one with
(|()()()()).
This was improved in the latest version and componets withou access are
ignored in filter evaluation to avoid the problems you did run into.
otherwise your fix is ok
Ludwig
> and breaks bind-dyndb-ldap.
> See https://www.redhat.com/archives/freeipa-devel/2016-June/msg00477.html
>
> https://fedorahosted.org/freeipa/ticket/2008
>
>
>
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160616/2aa7e66c/attachment.htm>
More information about the Freeipa-devel
mailing list