
Re: Limiting attributes through ACL



Pierangelo Masarati wrote:

Try something along these lines:

# allow everybody to bind, and self to change password
access to attrs=userPassword
      by self write
      by anonymous auth

# allow everybody searching for objectClass
access to filter="(objectClass=inetOrgPerson)" attrs=objectClass
      by * search

# allow everybody to read the entry and the cn
access to filter="(objectClass=inetOrgPerson)" attrs=entry,cn
      by * read

# allow only users to read the rest of the entry
access to filter="(objectClass=inetOrgPerson)"
      by users read

# allow everybody to search (but not see) everything else
access to *
      by * search

p.



That does the trick.

Grazie mille,
Dan.
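
The rule set quoted above relies on slapd's first-match evaluation: the first `access to` clause whose target matches is selected, then the first matching `by` clause within it, with an implicit `by * none` at the end. The following is an added example, not part of the original messages and not OpenLDAP code; it is a simplified model in which filters are reduced to an objectClass test, and the function names, DNs and entries are constructed for illustration.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Assumption: filters are reduced to an objectClass membership test.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Each rule: (objectClass filter or None, attribute set or None for all, by-clauses)
ACLS = [
    (None, {"userPassword"}, [("self", "write"), ("anonymous", "auth")]),
    ("inetOrgPerson", {"objectClass"}, [("*", "search")]),
    ("inetOrgPerson", {"entry", "cn"}, [("*", "read")]),
    ("inetOrgPerson", None, [("users", "read")]),
    (None, None, [("*", "search")]),
]

def who_matches(who, requester, target_dn):
    """requester is a bind DN, or None for an anonymous session."""
    return {
        "*": True,
        "anonymous": requester is None,
        "users": requester is not None,
        "self": requester is not None and requester == target_dn,
    }[who]

def granted(requester, entry, attr):
    """Return the access level the rule set gives requester on entry/attr."""
    for obj_class, attrs, by_clauses in ACLS:
        if obj_class is not None and obj_class not in entry["objectClass"]:
            continue
        if attrs is not None and attr not in attrs:
            continue
        # First matching target wins; later rules are never consulted.
        for who, level in by_clauses:
            if who_matches(who, requester, entry["dn"]):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"

def allows(requester, entry, attr, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted(requester, entry, attr)) >= LEVELS.index(wanted)

# Constructed sample entries and bind DN
ALICE = {"dn": "uid=alice,ou=people,dc=example,dc=com", "objectClass": {"inetOrgPerson"}}
PEOPLE = {"dn": "ou=people,dc=example,dc=com", "objectClass": {"organizationalUnit"}}
BOB_DN = "uid=bob,ou=people,dc=example,dc=com"

if __name__ == "__main__":
    for who in (None, BOB_DN, ALICE["dn"]):
        for attr in ("userPassword", "objectClass", "cn", "mail"):
            print(who or "anonymous", attr, granted(who, ALICE, attr))
```

In this model an anonymous request for `mail` on an inetOrgPerson entry gets `none` rather than `search`: the fourth rule matches the target, so evaluation stops there and never reaches the final `access to *` rule.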