If I add this filter=(&(objectClass=*)), I also get the expected result.




I'm wondering if a "search" privilege needs to be granted somewhere and 
"(objectClass=*)" is a loophole that bypasses the need for the "search" 
privilege. What happens if you say "filter=(&(objectClass=*))" ?


  Sean.


On 1/08/2023 10:34 pm, Marc wrote:

    I have a ldapsearch that returns this object

    sendmailMTAClassName: w
    sendmailMTAClassValue: xxx
    sendmailMTAClassValue: yyy
    sendmailMTAClassValue: zzz
    objectClass: sendmailMTA
    objectClass: sendmailMTAClass

    I thought I could strengthen the acl by just appending to with a filter

    but if I add these below, the ldapsearch does not return anything err=32

    filter=(objectClass=sendmailMTAClass)
    filter=(|(objectClass=sendmailMTAClass)(objectClass=sendmailMTA))
    filter=(|(objectClass=sendmailMTAClass)(objectClass=sendmailMTA))
    filter=(objectClass=sendmailMTA*)

    If I change the filter to this, I get the expected result again

    filter=(objectClass=*)

    Goal is to have ldapsearch only list the specific objectClasses. Or should I do
    this with listing only attributes.

