Re: LDAP access question
On Aug 22 at 7:57pm, Tony Earnshaw wrote:
> Thu, 2002-08-22 at 14:50, Peter Furmonavicius wrote:
>
> > Hello. I can restrict what LDAP searches return by using statements
> > such as the following in my "slapd.conf" file. For example, to not
> > return the attribute values for "employeeNumber"...
> > --------------
> > access to attr=employeeNumber
> >     by dn="cn=boss,dc=here,dc=com" write
> >     by users read
> >     by * none
> > --------------
> > However, I have been unsuccessful in figuring out a way to not return
> > the "objectclass", or objectclass values. Can anyone help me out
> > with this? I do not want the "objectclass"es returned to any
> > anonymous searches.
>
> Many have asked this question, none have received answers.

I use the following and anonymous searches do not return objectclass...
I don't understand why people are having a problem with this.

access to attrs=objectClass
    by dn="cn=IAmYourGodAndIWillDoWhatIWant,dc=example,dc=com" write
    by self read
    by * search

With "by * none" a lot of default filters "(objectclass=*)" fail....

--
Frank Swasey | http://www.uvm.edu/~fcs
Systems Programmer | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
=== God Bless Us All ===
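
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of why "by * search" keeps "(objectclass=*)" filters working for anonymous searches while withholding the objectClass values, and why "by * none" makes those filters fail. It assumes slapd's ordered access levels, first-match evaluation of "by" clauses, and a catch-all read rule for other attributes; the sample entry and all function names are constructed for illustration.

```python
# Simplified model of slapd attribute ACL checks; not OpenLDAP code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # each implies those before it
ADMIN = "cn=IAmYourGodAndIWillDoWhatIWant,dc=example,dc=com"

def matches(subject, bind_dn, entry_dn):
    if subject == "*":
        return True
    if subject == "users":
        return bind_dn is not None
    if subject == "self":
        return bind_dn is not None and bind_dn == entry_dn
    return subject == bind_dn  # a dn="..." clause

def granted(by_clauses, bind_dn, entry_dn):
    # First matching "by" clause wins; no match means none.
    for subject, level in by_clauses:
        if matches(subject, bind_dn, entry_dn):
            return LEVELS.index(level)
    return LEVELS.index("none")

def search(entries, acls, bind_dn, filter_attr):
    """Evaluate the presence filter (filter_attr=*) as bind_dn (None = anonymous)."""
    hits = []
    for dn, attrs in entries.items():
        # Assumption: attributes without their own rule fall under "access to * by * read".
        def level(attr):
            return granted(acls.get(attr, [("*", "read")]), bind_dn, dn)
        # Matching a filter needs "search" on the filter attribute.
        if filter_attr not in attrs or level(filter_attr) < LEVELS.index("search"):
            continue
        # Returning values needs "read" on each attribute.
        visible = {a: v for a, v in attrs.items() if level(a) >= LEVELS.index("read")}
        hits.append((dn, visible))
    return hits

# Constructed sample directory and the two rule variants from the message.
ENTRIES = {"cn=jdoe,dc=example,dc=com": {"objectClass": ["person"], "cn": ["jdoe"]}}
WITH_SEARCH = {"objectClass": [(ADMIN, "write"), ("self", "read"), ("*", "search")]}
WITH_NONE = {"objectClass": [(ADMIN, "write"), ("self", "read"), ("*", "none")]}

if __name__ == "__main__":
    print(search(ENTRIES, WITH_SEARCH, None, "objectClass"))  # entry found, objectClass hidden
    print(search(ENTRIES, WITH_NONE, None, "objectClass"))    # filter fails, nothing found
```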