- /* entry is a referral, don't allow add */
- rs->sr_ref = get_entry_referrals( op, e );
-
-#ifdef NEW_LOGGING
- LDAP_LOG ( OPERATION, DETAIL1,
- "bdb_compare: entry is referral\n", 0, 0, 0 );
-#else
- Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
- 0, 0 );
-#endif
-
- rs->sr_err = LDAP_REFERRAL;
- rs->sr_matched = e->e_name.bv_val;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* return referral only if "disclose" is granted on the object */
+ if ( !access_allowed( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ /* entry is a referral, don't allow compare */
+ rs->sr_ref = get_entry_referrals( op, e );
+ rs->sr_err = LDAP_REFERRAL;
+ rs->sr_matched = e->e_name.bv_val;
+ }
+
+ Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
+