On Mar 6, 2014, at 11:51 AM, Ludwig Krispenz <lkrispen@xxxxxxxxxx> wrote: >>> One more question. Do the searches always match only one entry or one they should see and some they shouldn't ? >> In every case where we've seen this problem it's a search for one entry (uid=username) that the bind dn is able to see. > what i was thinking of is a scenario where there is a cn=user1 in two subtrees, the bound user should only see one. I remember a case where the deny for the one entry was cached and the other entry was not returned Oh, interesting. That is not the case for us though. >> >> Thanks for your input, we're working on repeating it reliably in 389. > That would be great I'll see what I can do. thanks, -morgan -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
