Page created: 6 Nov 2019 |
Page updated: 25 Mar 2020
- The directory server will not return the changelog entry if the user is not allowed to see the target entry.
- The directory server strips out any attributes that the user is not allowed to see.
- If no changes are left in the entry, no changelog entry will be returned.
- If only some attributes are stripped out, the changelog entry will be returned.
- Access control filtering on a specific attribute value is not supported. Either all attribute values are returned or none.
- If a sensitive attribute policy is used to filter attributes when a client normally
accesses the directory server, this policy will not be taken into consideration
during notifications since the Sync User is always connecting using the same method.
Configure access controls to filter out attributes, not based on the type of
connection made to the server, but based on who is accessing the data. The
filter-changes-by-userproperty will be able to evaluate if that person should have access to these attributes.