[Date Prev][Date Next] [Chronological] [Thread] [Top]

restricting read access to certain attributes

To: openldap-software@OpenLDAP.org
Subject: restricting read access to certain attributes
From: Peter Clarke <peter@jingo.com>
Date: Thu, 20 Nov 2003 19:56:28 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007

Maybe I missing the point but I want to restrict which attributes are readable. The following contains my ACL which returns no results, BUT if I remove the line 'attrs=cn,mail' then the search works but returns all attributes.

I want to stop general users from seeing the dn as it is the username and I don't want the usernames to be visable.

access to * attr=userPassword
    by anonymous  auth
    by * none break

access to dn.regex="^([^,]+,)*ou=contacts,dc=(.+),dc=foo,dc=bar,dc=com$"
   attrs=cn,mail
   by dn.regex="^uid=(.+),ou=contacts,dc=$2,dc=foo,dc=bar,dc=com$" read
    by * none break

access to dn.regex="^([^,]+,)*dc=bar,dc=com$"
    by dn.exact="cn=PHPldap,dc=foo,dc=bar,dc=com" write
    by * none

Prev by Date: RE: Slurpd over SSL
Next by Date: failed assertion `LBER_VALID( ber )'
Index(es):
- Chronological
- Thread