On Mar 6, 2014, at 11:51 AM, Ludwig Krispenz <lkrispen(a)redhat.com> wrote:
>> One more question. Do the searches always match only one
entry or one they should see and some they shouldn't ?
> In every case where we've seen this problem it's a search for one entry
(uid=username) that the bind dn is able to see.
what i was thinking of is a scenario where there is a cn=user1 in two subtrees, the bound
user should only see one. I remember a case where the deny for the one entry was cached
and the other entry was not returned
Oh, interesting. That is not the case for us though.
>
> Thanks for your input, we're working on repeating it reliably in 389.
That would be great
I'll see what I can do.
thanks,
-morgan