2284e50 LDAP: Skip dereferenced entries that we are not permitted to read

Authored and Committed by jhrozek 9 years ago
    LDAP: Skip dereferenced entries that we are not permitted to read
    
    https://fedorahosted.org/sssd/ticket/2421
    
    In case we dereference an entry, for which we have /some/ permissions
    for reading, but we only request attributes that we can't access, the
    dereference control only returns the DN.
    
    This is also the case with the current version of 389DS for cases where
    no entries at all are readable. In this case, the server should not return
    the DN at all, though. This DS bug was tracked as
    https://fedorahosted.org/389/ticket/47885
    
    Reviewed-by: Michal Židek <mzidek@redhat.com>
    
        
file modified
+4 -3