Re: Limiting attributes through ACL
Try something along these lines:

# allow everybody to bind, and self to change password
access to attrs=userPassword
    by self write
    by anonymous auth

# allow everybody searching for objectClass
access to filter="(objectClass=inetOrgPerson)" attrs=objectClass
    by * search

# allow everybody to read the entry and the cn
access to filter="(objectClass=inetOrgPerson)" attrs=entry,cn
    by * read

# allow only users to read the rest of the entry
access to filter="(objectClass=inetOrgPerson)"
    by users read

# allow everybody to search (but not see) everything else
access to *
    by * search

p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
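
The rules in the message above depend on slapd's first-match evaluation: the first "access to" clause whose target matches is the only one consulted, and each clause ends with an implicit "by * none". A simplified model of that evaluation follows, added here as an illustration; it is not part of the original message and not OpenLDAP code. The DNs are constructed samples, and filter matching is reduced to an objectClass membership check.

```python
# Simplified model of slapd ACL evaluation for the five rules in the message.
# Assumption: filters are modelled as "entry has this objectClass" only.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# (required objectClass or None, attribute list or None for all, [(who, level), ...])
RULES = [
    (None, ["userPassword"], [("self", "write"), ("anonymous", "auth")]),
    ("inetOrgPerson", ["objectClass"], [("*", "search")]),
    ("inetOrgPerson", ["entry", "cn"], [("*", "read")]),
    ("inetOrgPerson", None, [("users", "read")]),
    (None, None, [("*", "search")]),
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    return False

def granted(bind_dn, entry_dn, object_classes, attr):
    """Return the access level the first matching rule grants on one attribute."""
    for oc, attrs, by_clauses in RULES:
        if oc is not None and oc.lower() not in (c.lower() for c in object_classes):
            continue
        if attrs is not None and attr.lower() not in (a.lower() for a in attrs):
            continue
        # First matching target wins; later rules are never consulted.
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit final "access to * by * none"

def allows(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=com"  # constructed sample DN
    bob = "uid=bob,ou=people,dc=example,dc=com"      # constructed sample DN
    for who in (None, bob, alice):
        for attr in ("cn", "mail", "objectClass", "userPassword"):
            print(who or "anonymous", attr, granted(who, alice, ["inetOrgPerson"], attr))
```

Running it shows that an anonymous session gets "none" on the remaining attributes of an inetOrgPerson entry: the fourth rule matches the entry first, so the final "by * search" rule is never reached for it.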