
restricting read access to certain attributes



Maybe I'm missing the point, but I want to restrict which attributes are readable. The following contains my ACL, which returns no results, BUT if I remove the line 'attrs=cn,mail' then the search works but returns all attributes.

I want to stop general users from seeing the dn, as it is the username, and I don't want the usernames to be visible.



# Password attribute: anonymous may use it only to bind; everyone else
# falls through ('break') to the later directives.
access to * attr=userPassword
    by anonymous auth
    by * none break

# Entries under ou=contacts: any uid in the same ou=contacts,dc=<same>
# subtree may read cn and mail ($2 is the dc=(.+) submatch of the target).
# Note: this attrs= list covers only cn and mail, so the 'entry'
# pseudo-attribute is not decided here and falls through to the last
# directive, which denies it; that is why the search returns nothing.
access to dn.regex="^([^,]+,)*ou=contacts,dc=(.+),dc=foo,dc=bar,dc=com$"
    attrs=cn,mail
    by dn.regex="^uid=(.+),ou=contacts,dc=$2,dc=foo,dc=bar,dc=com$" read
    by * none break

# Everything else under dc=bar,dc=com: only the PHPldap account may write,
# nobody else gets any access.
access to dn.regex="^([^,]+,)*dc=bar,dc=com$"
    by dn.exact="cn=PHPldap,dc=foo,dc=bar,dc=com" write
    by * none
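The behaviour described above can be traced by hand with a small model of how slapd evaluates access directives. The following is an added example, not code from the post or from OpenLDAP: it encodes the three posted directives as data and walks them the way slapd does, per attribute, first matching target, first matching <who>, with 'break' carrying on to the next directive. It assumes slapd's global default access is read (the defaultaccess directive, unchanged), uses dc=example as a stand-in for the dc=(.+) component, and constructs the sample entries and DNs.

```python
import re

# Access levels in slapd's order; each level implies the ones before it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def acl(contact_attrs):
    """The three posted directives as data (not parsed from slapd.conf).
    Each clause: target dn regex, attrs list ([] = every attribute, including
    the 'entry' pseudo-attribute) and the <who> clauses in order.
    contact_attrs lets the caller vary the attrs= list of the second directive."""
    return [
        # access to * attr=userPassword
        {"dn": r".*", "attrs": ["userPassword"],
         "by": [("anonymous", None, "auth", "stop"),
                ("*", None, "none", "break")]},
        # access to dn.regex="^([^,]+,)*ou=contacts,dc=(.+),dc=foo,dc=bar,dc=com$" attrs=...
        {"dn": r"^([^,]+,)*ou=contacts,dc=(.+),dc=foo,dc=bar,dc=com$",
         "attrs": contact_attrs,
         "by": [("dn.regex",
                 r"^uid=(.+),ou=contacts,dc=$2,dc=foo,dc=bar,dc=com$", "read", "stop"),
                ("*", None, "none", "break")]},
        # access to dn.regex="^([^,]+,)*dc=bar,dc=com$"
        {"dn": r"^([^,]+,)*dc=bar,dc=com$", "attrs": [],
         "by": [("dn.exact", "cn=PHPldap,dc=foo,dc=bar,dc=com", "write", "stop"),
                ("*", None, "none", "stop")]},
    ]


def who_matches(who, pattern, requester, target_match):
    """Does one <who> clause match the requester (None = anonymous bind)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "dn.exact":
        return requester.lower() == pattern.lower()
    if who == "dn.regex":
        # $N in a <who> dn.regex is replaced by submatch N of the target dn.regex.
        expanded = re.sub(r"\$(\d)",
                          lambda m: re.escape(target_match.group(int(m.group(1))) or ""),
                          pattern)
        return re.match(expanded, requester, re.IGNORECASE) is not None
    raise ValueError(f"unsupported <who> form: {who}")


def access_level(acls, entry_dn, attr, requester, default="read"):
    """Access the requester gets to one attribute of entry_dn.
    The first directive whose target (dn and attrs) matches decides through its
    first matching <who>: 'stop' ends evaluation, 'break' carries the level on to
    the next directive.  A matched directive with no matching <who> is the
    implicit 'by * none'.  'default' models slapd's global default access
    (assumed read), used only when no directive matches at all."""
    level = default
    for clause in acls:
        m = re.match(clause["dn"], entry_dn, re.IGNORECASE)
        if m is None or (clause["attrs"] and attr not in clause["attrs"]):
            continue
        for who, pattern, lvl, control in clause["by"]:
            if who_matches(who, pattern, requester, m):
                level = lvl
                if control == "break":
                    break          # keep going with the next access directive
                return lvl         # stop: the decision is final
        else:
            return "none"          # implicit trailing 'by * none'
    return level


def can_read(acls, entry_dn, attr, requester):
    return LEVELS.index(access_level(acls, entry_dn, attr, requester)) >= LEVELS.index("read")


def search_result(acls, entry_dn, attributes, requester):
    """What slapd returns for one entry: None when the requester lacks read on
    the 'entry' pseudo-attribute (the entry is not returned at all), otherwise
    the attributes it may read.  The DN itself always accompanies a returned entry."""
    if not can_read(acls, entry_dn, "entry", requester):
        return None
    return {a: v for a, v in attributes.items() if can_read(acls, entry_dn, a, requester)}


# Constructed sample data; dc=example stands in for the dc=(.+) component.
ALICE_DN = "uid=alice,ou=contacts,dc=example,dc=foo,dc=bar,dc=com"
ALICE = {"uid": "alice", "cn": "Alice Example", "mail": "alice@example.test"}
BOB_DN = "uid=bob,ou=contacts,dc=example,dc=foo,dc=bar,dc=com"
PHPLDAP_DN = "cn=PHPldap,dc=foo,dc=bar,dc=com"


def demo():
    posted = acl(["cn", "mail"])           # attrs= exactly as posted
    fixed = acl(["entry", "cn", "mail"])   # same, with the 'entry' pseudo-attribute granted
    return {
        "posted_self": search_result(posted, ALICE_DN, ALICE, ALICE_DN),
        "fixed_self": search_result(fixed, ALICE_DN, ALICE, ALICE_DN),
        "fixed_other_contact": search_result(fixed, ALICE_DN, ALICE, BOB_DN),
        "fixed_anonymous": search_result(fixed, ALICE_DN, ALICE, None),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

With the attrs= list as posted, the 'entry' pseudo-attribute is never covered by the second directive, so it is decided by the last one (none) and the entry is not returned: that is the "no results" symptom. Listing `entry` alongside cn and mail makes the entry visible while uid is still withheld, and, because the <who> regex matches any uid in the same ou=contacts subtree, every contact can read every other contact's cn and mail. The DN, however, is always sent with a returned entry, so a uid that forms the RDN cannot be hidden from anyone allowed to see the entry; attribute ACLs alone cannot meet that part of the goal.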