Page created: 15 Jul 2022 |
Page updated: 20 Jan 2023
- The directory server will not return the changelog entry if the user is not allowed to see the target entry.
- The directory server strips out any attributes that the user is not allowed to see.
- If no changes are left in the entry, no changelog entry will be returned.
- If only some attributes are stripped out, the changelog entry will be returned.
- Access control filtering on a specific attribute value is not supported. Either all attribute values are returned or none.
- If a sensitive attribute policy is used to filter attributes when a client normally
accesses the directory server, this policy will not be taken into consideration during
notifications since the Sync User is always connecting using the same method. Configure
access controls to filter out attributes, not based on the type of connection made to
the server, but based on who is accessing the data. The
filter-changes-by-userproperty will be able to evaluate if that person should have access to these attributes.