Brad Midgley wrote:
That case looks bogus: you're comparing two different queries, which, BTW, simultaneously appear in your log example. One is querying for an objectClass of posixAccount, and, of course, the query results in that trailing "1=1" that puzzles you, because "posixAccount" doesn't know how to map "uid" into a table's column; the second is querying for "inetOrgPerson", which knows very well how to map "uid" into a table's column. The fix is simply to remove "posixAccount" from "ldap_oc_mappings", leaving in place the view that fills "ldap_entry_objclasses" with "posixAccount" for everybody (the two usages of "posixAccount" are totally unrelated; moreover, I suggest to use only structural objectClasses in ldap_oc_mappings and auxiliary objectClasses in ldap_entry_objclasses to avoid these problems.Pierangelo
[ACL change affects SQL statement scope]
There should be something else, since in back-sql's search (or search related)
code there isn't any single interaction with ACLs; it all occurs in the frontend.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497