restricting read access to certain attributes
- To: openldap-software@OpenLDAP.org
- Subject: restricting read access to certain attributes
- From: Peter Clarke <peter@jingo.com>
- Date: Thu, 20 Nov 2003 19:56:28 +0000
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007
Maybe I'm missing the point, but I want to restrict which attributes are
readable. The following contains my ACL, which returns no results, BUT
if I remove the line 'attrs=cn,mail' then the search works but returns
all attributes.

I want to stop general users from seeing the dn as it is the username
and I don't want the usernames to be visible.

access to * attr=userPassword
        by anonymous auth
        by * none break

access to dn.regex="^([^,]+,)*ou=contacts,dc=(.+),dc=foo,dc=bar,dc=com$"
        attrs=cn,mail
        by dn.regex="^uid=(.+),ou=contacts,dc=$2,dc=foo,dc=bar,dc=com$" read
        by * none break

access to dn.regex="^([^,]+,)*dc=bar,dc=com$"
        by dn.exact="cn=PHPldap,dc=foo,dc=bar,dc=com" write
        by * none
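
Added example, not part of the original post: a simplified Python model of slapd's first-match ACL evaluation, run over the three directives above. It shows why the search returns nothing: slapd also checks the `entry` pseudo-attribute (see slapd.access(5)), which `attrs=cn,mail` does not cover, so that check falls through to the last directive's `by * none`. The function names and the alice/bob DNs are constructed for illustration.

```python
import re

# Constructed model of the ACL in the post. Rule = (entry-DN regex, attrs or None, by-clauses);
# by-clause = (who, level, control). "$N" in who is group N of the entry-DN match.
CONTACTS = r"^([^,]+,)*ou=contacts,dc=(.+),dc=foo,dc=bar,dc=com$"
USER = r"^uid=(.+),ou=contacts,dc=$2,dc=foo,dc=bar,dc=com$"
SUFFIX = r"^([^,]+,)*dc=bar,dc=com$"
PHPLDAP = r"^cn=PHPldap,dc=foo,dc=bar,dc=com$"

def build_acl(contact_attrs):
    """The post's three directives; contact_attrs is the attrs= list of the second."""
    return [
        (r".*", {"userpassword"}, [("anonymous", "auth", "stop"), ("*", "none", "break")]),
        (CONTACTS, set(contact_attrs), [(USER, "read", "stop"), ("*", "none", "break")]),
        (SUFFIX, None, [(PHPLDAP, "write", "stop"), ("*", "none", "stop")]),
    ]

def who_matches(who, requester, m):
    if who == "*":
        return True
    if who == "anonymous":
        return requester == ""
    # Substitute $N with the text captured from the entry DN, then match the bind DN.
    pattern = re.sub(r"\$(\d)", lambda g: re.escape(m.group(int(g.group(1))) or ""), who)
    return re.match(pattern, requester, re.I) is not None

def access(acl, requester, entry_dn, attr):
    """Level a slapd-style evaluation grants requester on attr of entry_dn (simplified)."""
    level = "none"
    for dn_re, attrs, clauses in acl:
        m = re.match(dn_re, entry_dn, re.I)
        if not m or (attrs is not None and attr.lower() not in attrs):
            continue                      # this <what> does not cover the attribute
        for who, lvl, control in clauses:
            if who_matches(who, requester, m):
                level = lvl
                break
        else:
            return "none"                 # implicit trailing "by * none"
        if control == "stop":
            return level                  # default control: evaluation ends here
        # control == "break": continue with the next access directive
    return level

ALICE = "uid=alice,ou=contacts,dc=acme,dc=foo,dc=bar,dc=com"   # constructed entry DN
BOB = "uid=bob,ou=contacts,dc=acme,dc=foo,dc=bar,dc=com"       # constructed bind DN
if __name__ == "__main__":
    for attrs in (["cn", "mail"], ["entry", "cn", "mail"]):
        print(attrs, {a: access(build_acl(attrs), BOB, ALICE, a) for a in ("entry", "cn", "uid")})
```

Any attribute tested in the search filter needs at least search access in the same way, so it has to appear in the `attrs=` list as well. Granting `entry` also exposes the DN, because the DN is returned with every entry slapd sends and is not an attribute the list can withhold.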