Hello,

Just for information, I’ve found the mechanism in OpenLDAP allowing integrators 
to do stupid things: overlays.

Apple has created a custom overlay for their own services and has recently 
added a hardcoded value for a specific request with specific attributes.

http://www.opensource.apple.com/source/OpenLDAP/OpenLDAP-499.27/OpenLDAP/servers/slapd/overlays/odusers.c

I didn’t know that an overlay was able to have deep control like that over an 
LDAP request.

I can’t thank you for this in the end, since no one ever mentioned that 
OpenLDAP has an official hooking API on LDAP requests, but here is the solution 
for my problem, and now I know how to fix it on my own, without waiting for a 
fix from Apple, just by patching slapd and changing a condition in the 
odusers_search function.

Best regards,
Yoann
