On 10/26/2011 08:11 PM, Viktor Dukhovni wrote: > The LDAP table driver considers entries that match the query filter, > but which lack the requested attributes, or have only empty values > for the requested attributes to not be matching attributes. The Postfix > dictionary abstraction above the Postfix LDAP driver therefore only sees > entries with non-empty result (or leaf or terminal) attributes.
Hi Victor and others, So in other words you want to say, that "our implementation of ldap lookup table is strongly tied to LDAP ACLs. When I have enought rights to read something from LDAP, entry exists, and when my drunk LDAP admin thinks, that I have too much rights, lookup will fail, even when I got 1 entry match". Wake up guys. When you are doing lookups especialy when result is not used anywhere, why do you care you can read something from LDAP or not? When you get a DN (and DN you get always if there is a match), that's it, entry found. LDAP protocol is a beauty. The masterpiece is how you are using it. -- Pagarbiai, Nerijus Kislauskas KTU ITPI, Litnet valdymo centras Studentu g. 48a - 101, Kaunas tel.: (8~37) 30 06 45 mob. tel.: 8-614-93889 e-mail.: nerijus.kislaus...@ktu.lt
