My boss doesn't want to publish information to everyone, but only to DNs in the server (running in standalone mode).
I would like to do something like in the future OpenLDAP 2.0:
Access to attr=userpasswd,entry
    by self write
    by anonymous auth
    by * none
access *
    by self write
    by anonymous none
    by * read
It is not permitted in OpenLDAP 1.x.
I thought of doing something like:
access to attr=userpasswd,entry
    by self write
    by * compare
access to dn=".* , dc=mycompagny, dc=com"
    by dn=".*, dc=mycompagny, dc=com" search
Nothing's right:
If I try to connect as anonymous: ldapsearch returns nothing, so that's good!
If I try to connect as rootdn: ldapsearch returns all the entries, so that's OK.
If I try to connect as a DN with the correct password: I only have access to the user entry (with all attributes), but I don't have permission to all the entries!!!!
WHAT CAN I DO?
Thanks for helping me!
--
LAMOTHE Oswaldo
Eleve Ingenieur-Maitre, Systemes de Telecommunications et Reseaux Informatiques
+336.10.43.20.96
lamothe@ifrance.com
133, Bld Deodat de Severac, 31300 TOULOUSE