[Date Prev][Date Next] [Chronological] [Thread] [Top]

Resticting search to a specific base dn (limiting to just one result)



Hi!

I'd like to configure access control for my user directory so that only 
"exact" searches for one user are allowed, wildcard filters should be 
denied.

My idea was to try to configure acls that only allow searches where the 
base-dn specified is a full dn identifying a user.

E.g. I'd like to allow searches for
BaseDN: uid=leo,ou=users,dc=abc, Filter: (objectclass=*)
... and disallow searches for
BaseDN: ou=users,dc=abc, Filter: (objectclass=*)

Unfortunately I didn't manage to find a working configuration to achieve 
this setup.

Is this kind of access control possible with openldap-2.0.21?

Thanks in advance,
--leo

-----------------------------------------------------------------------
Alexander (Leo) Bergolth                          leo@leo.wu-wien.ac.at
WU-Wien - Zentrum fuer Informatikdienste       http://leo.wu-wien.ac.at
                 Computers are like air conditioners -
           they stop working properly when you open Windows