
Re: Limiting attributes through ACL



Try something along these lines:

# allow everybody to bind, and self to change password
access to attrs=userPassword
       by self write
       by anonymous auth

# allow everybody to search for objectClass
access to filter="(objectClass=inetOrgPerson)" attrs=objectClass
       by * search

# allow everybody to read the entry and the cn
access to filter="(objectClass=inetOrgPerson)" attrs=entry,cn
       by * read

# allow only users to read the rest of the entry
access to filter="(objectClass=inetOrgPerson)"
       by users read

# allow everybody to search (but not see) everything else
access to *
       by * search

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
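
The following is an added example, not part of the original message: a simplified Python model of how slapd picks the first matching "access to" clause and then the first matching "by" clause, applied to the rules above. The sample DNs and entries are constructed, and only objectClass-equality filters and the <who> forms used in the message are modelled.

```python
# Added illustration: simplified model of slapd's first-match ACL evaluation.
# Assumptions: only objectClass-equality filters and the <who> forms used in
# the message are modelled; DNs are compared as plain strings.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# (required objectClass or None, attrs or None, ordered "by" clauses)
ACLS = [
    (None, {"userPassword"}, [("self", "write"), ("anonymous", "auth")]),
    ("inetOrgPerson", {"objectClass"}, [("*", "search")]),
    ("inetOrgPerson", {"entry", "cn"}, [("*", "read")]),
    ("inetOrgPerson", None, [("users", "read")]),
    (None, None, [("*", "search")]),
]

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn == entry_dn
    raise ValueError(f"unmodelled <who>: {who}")

def granted(bind_dn, entry, attr):
    """Access level granted to bind_dn (None = anonymous) on entry's attr."""
    for object_class, attrs, by_clauses in ACLS:
        if object_class and object_class not in entry["objectClass"]:
            continue
        if attrs is not None and attr not in attrs:
            continue
        # The first matching "access to" is the only one consulted.
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry["dn"]):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit final "access to * by * none"

def allows(bind_dn, entry, attr, wanted):
    return LEVELS.index(granted(bind_dn, entry, attr)) >= LEVELS.index(wanted)

# Constructed sample entries (not from the original message).
ALICE = {"dn": "uid=alice,ou=people,dc=example,dc=com", "objectClass": {"inetOrgPerson"}}
PEOPLE = {"dn": "ou=people,dc=example,dc=com", "objectClass": {"organizationalUnit"}}
BOB_DN = "uid=bob,ou=people,dc=example,dc=com"

if __name__ == "__main__":
    for who in (None, BOB_DN, ALICE["dn"]):
        for attr in ("entry", "cn", "mail", "objectClass", "userPassword"):
            print(who or "anonymous", attr, granted(who, ALICE, attr))
```

In this model an anonymous client gets "none" on attributes such as mail, so it cannot read them or match them in a search filter, and an authenticated user other than the entry owner gets "none" on userPassword because of the implicit trailing "by * none".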