acl to read dn only
I'm trying to create an acl which allows a particular user to search my
DIT and retrieve dn values only. Perhaps a (broken) attempt at an acl
will help explain what I mean:

access to dn.children="dc=mtholyoke,dc=edu" attrs=distinguishedName
    by dn="cn=proxysearchdn,dc=mtholyoke,dc=edu" read
    by * break

access to dn.children="dc=mtholyoke,dc=edu"
    by dn="cn=proxysearchdn,dc=mtholyoke,dc=edu" search
    by * break

I want to use my proxysearchdn user to do the first step of a search and
bind operation, without giving that user any more access to objects than
necessary.

BTW, I can indicate attrs=distinguishedName, but attrs=dn gives me an
error. Correct behaviour, I'm sure, but I'm not sure then how to say
what I mean.

TIA.

--
Ron Peterson
Network & Systems Manager
Mount Holyoke College
http://www.mtholyoke.edu/~rpeterso
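
An added example, not part of the original message: one way to express "DN only" for the search step of search-and-bind in slapd.conf, using OpenLDAP's `entry` pseudo-attribute. The filter attribute `uid` is an assumption; substitute whatever attribute the login filter actually uses.

```conf
# Constructed example for slapd.conf; "uid" is an assumed login attribute.
# The DN is not an attribute, so no attrs= name selects it. slapd gates the
# entry itself (and therefore its DN) with the "entry" pseudo-attribute.
# dn.subtree also covers the base entry, unlike dn.children.
access to dn.subtree="dc=mtholyoke,dc=edu" attrs=entry
    by dn.exact="cn=proxysearchdn,dc=mtholyoke,dc=edu" read
    by * break

# The search filter (uid=<login>) is evaluated only with search access on
# the attribute it names; search does not let the value be returned.
access to dn.subtree="dc=mtholyoke,dc=edu" attrs=uid
    by dn.exact="cn=proxysearchdn,dc=mtholyoke,dc=edu" search
    by * break
```

These two clauses grant nothing beyond matching on the filter attribute and returning the DN, but any later clause that matches this identity (for example a catch-all granting read to authenticated users) still applies to every other attribute. Keeping the proxy identity minimal means checking those later clauses as well.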