[Date Prev][Date Next] [Chronological] [Thread] [Top]

Newbie access question

To: <openldap-software@OpenLDAP.org>
Subject: Newbie access question
From: "Gary Allen Vollink" <gvldap@corvu.com>
Date: Tue, 5 Aug 2003 16:35:59 -0500 (CDT)
Importance: Normal

Hi,

All accounts, be them customers or employees have the same base dn.

dn: "uid=*,dc=corvu,dc=com"

For Authentication clients, this seems easiest.  However, for ldapSearch
information, I don't want customers to be able to search.

The only difference between a customer and an employee is that an employee
has additional attributes to satisfy the needs of "posixAccount".

In a search, I can get only employees easily (using the cn=manager root
account).  I need to figure out how to express this in the slapd.conf
file.  Here's what I have so far, but I can't figure out the syntax to
filter for posixAccount.

access to attrs=userPassword
        by self write
        by dn=.*,ou=admin,dc=corvu,dc=com write
        by * auth

access to *
        by dn=uid=gvldap,dc=corvu,dc=com write
        by group=objectclass=posixAccount read

But, my posixAccounts still cannot pull attibutes from search results. 
Any pointers appreciated.

Thank you,
Gary Allen

Prev by Date: Re: problems with OpenLDAP (Debian and FreeBSD)
Next by Date: True64 Client/Linux redhat Server
Index(es):
- Chronological
- Thread