Re: LDAP access question



On Aug 22 at 7:57pm, Tony Earnshaw wrote:

> Thu, 2002-08-22 at 14:50, Peter Furmonavicius wrote:
>
> > Hello.  I can restrict what LDAP searches return by using statements
> > such as the following in my "slapd.conf" file.  For example, to not
> > return the attribute values for "employeeNumber"...
> > --------------
> > access to attr=employeeNumber
> >         by dn="cn=boss,dc=here,dc=com"  write
> >         by users read
> >         by * none
> > --------------
> > However, I have been unsuccessful in figuring out a way to not return
> > the "objectclass", or objectclass values.  Can anyone help me out
> > with this?  I do not want the "objectclass"es returned to any
> > anonymous searches.
>
> Many have asked this question, none have received answers.

I use the following and anonymous searches do not return objectclass...
I don't understand why people are having a problem with this.

access to attrs=objectClass
        by dn="cn=IAmYourGodAndIWillDoWhatIWant,dc=example,dc=com" write
        by self read
        by * search

With "by * none" a lot of default filters "(objectclass=*)" fail....

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===
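
Added example (not part of the original message, and not OpenLDAP code): a simplified Python model of slapd's access-level check, showing why `by * search` keeps `(objectclass=*)` filters working while withholding the values, and why `by * none` makes the same search come back empty. The catch-all `access to * by * read` clause, the admin DN and the sample entry are assumptions constructed for the illustration.

```python
# Simplified model of slapd ACL evaluation: first matching "access to" clause,
# then first matching "by" line. Not OpenLDAP's implementation.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def granted(acl, attr, who):
    """Access level that `who` gets on `attr` under `acl`."""
    for attrs, by_list in acl:
        if attrs == "*" or attr.lower() in attrs:
            for subject, level in by_list:
                if subject in ("*", who):
                    return level
            return "none"  # every clause ends with an implicit "by * none"
    return "none"          # implicit final "access to * by * none"

def allows(acl, attr, who, needed):
    return LEVELS.index(granted(acl, attr, who)) >= LEVELS.index(needed)

def anonymous_search(acl, entries, filter_attr):
    """Evaluate the presence filter (filter_attr=*) as an anonymous client."""
    results = []
    for entry in entries:
        # Using an attribute in a filter requires "search" access to it.
        if filter_attr not in entry or not allows(acl, filter_attr, "anonymous", "search"):
            continue
        # Returning an attribute's values requires "read" access to it.
        results.append({a: v for a, v in entry.items()
                        if allows(acl, a, "anonymous", "read")})
    return results

ADMIN = "cn=admin,dc=example,dc=com"           # constructed placeholder DN
CATCH_ALL = ("*", [("*", "read")])             # assumed: access to * by * read

# access to attrs=objectClass ... by * search
SEARCH_ACL = [({"objectclass"}, [(ADMIN, "write"), ("self", "read"), ("*", "search")]),
              CATCH_ALL]
# access to attrs=objectClass ... by * none
NONE_ACL = [({"objectclass"}, [(ADMIN, "write"), ("self", "read"), ("*", "none")]),
            CATCH_ALL]

# Constructed sample entry.
ENTRIES = [{"objectClass": ["person"], "cn": "Alice", "mail": "alice@example.com"}]

if __name__ == "__main__":
    print("by * search:", anonymous_search(SEARCH_ACL, ENTRIES, "objectClass"))
    print("by * none:  ", anonymous_search(NONE_ACL, ENTRIES, "objectClass"))
```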