Normal referrals are "simple" LDAP URLs such as: ldap://root.openldap.org/dc=openldap,dc=org
To select more precisely what can be read through the AACL filter backend, we developed a control that supports a full LDAP URL as an extended referral:
- ldap://root.openldap.org/dc=openldap,dc=org?cn,sn,displayName,mail?sub?objectClass=inetOrgPerson
- This means that when we find this referral during a search on our directory:
  - we continue the search on host root.openldap.org
  - under dc=openldap,dc=org
  - limited to the minimum of the set of attributes specified in the LDAP search query and in this URL
  - with the query's filter, to which we add the "limitation" specified as the last part of the URL
  - with a scope that is the minimum of the scope specified in the query and the scope in the URL.
But most important is the OID of this control: "1.3.6.1.4.1.13129.1.6.1".
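The combination rules listed above can be sketched as follows; this is an added example, not the control's actual implementation, and the function names and the client query are constructed for illustration. It assumes that the "minimum" of the two attribute sets is their intersection, that scopes are ordered base < one < sub, and that the URL's filter is added to the query's filter with a logical AND.

```python
from urllib.parse import urlsplit, unquote

SCOPE_RANK = {"base": 0, "one": 1, "sub": 2}  # assumed ordering, narrowest first

def parse_referral(url):
    """Split an RFC 4516 LDAP URL into host, base DN, attributes, scope, filter."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    attrs, scope, flt = (unquote(f) for f in (parts.query.split("?") + ["", "", ""])[:3])
    scope = scope or "base"  # RFC 4516 default when the URL omits the scope
    if scope not in SCOPE_RANK:
        raise ValueError("unknown scope: %r" % scope)
    return {"host": parts.netloc, "base": unquote(parts.path.lstrip("/")),
            "attrs": [a for a in attrs.split(",") if a], "scope": scope, "filter": flt}

def paren(flt):
    """Accept the page's bare 'attr=value' form as well as '(attr=value)'."""
    return flt if flt.startswith("(") else "(%s)" % flt

def effective_search(referral_url, req_attrs, req_scope, req_filter):
    """Combine the client's search with the limits carried by the referral URL."""
    ref = parse_referral(referral_url)
    wanted = {a.lower() for a in req_attrs}
    if not ref["attrs"]:
        attrs = list(req_attrs)              # assumption: URL without attrs sets no limit
    elif not wanted or "*" in wanted:
        attrs = list(ref["attrs"])           # client asked for everything: cap at URL list
    else:
        attrs = [a for a in ref["attrs"] if a.lower() in wanted]
        if not attrs:
            attrs = ["1.1"]                  # RFC 4511 "no attributes"; [] would mean "all"
    scope = min(req_scope, ref["scope"], key=SCOPE_RANK.__getitem__)
    flt = paren(req_filter)
    if ref["filter"]:
        flt = "(&%s%s)" % (flt, paren(ref["filter"]))
    return {"host": ref["host"], "base": ref["base"],
            "attrs": attrs, "scope": scope, "filter": flt}

# Referral URL from the page; the client query below is constructed for illustration.
REFERRAL = ("ldap://root.openldap.org/dc=openldap,dc=org"
            "?cn,sn,displayName,mail?sub?objectClass=inetOrgPerson")

if __name__ == "__main__":
    print(effective_search(REFERRAL, ["mail", "userPassword", "cn"], "one", "(uid=jdoe)"))
```

The empty-intersection case matters: sending an empty attribute list to the referred server would request all user attributes, so the sketch sends "1.1" instead.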