[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to hide namingContext in rootDSE ?

To: openldap-software@openldap.org
Subject: Re: How to hide namingContext in rootDSE ?
From: "Thomas Chemineau" <tchemineau@linagora.com>
Date: Fri, 19 Dec 2008 11:29:07 +0100 (CET)
Importance: Normal
User-agent: SquirrelMail/1.4.11

>>> 2/ How can I hide my transitional LDAP suffix in the rootDSE ?

[...]

> 8<--------
> access to dn.exact=""
>   attrs=namingContexts val/distinguishedNameMatch="o=example transitional"
>   by * none
> access to dn.base="" by * read
> 8<--------
>
> The first should match when namingContexts are listed. But it doesn't, I
> have read access on all values. I have inverted all ACLs, tried to apply
> different scopes or more restrictive rights with some break/continue
> controls, etc.

[...]

> Any idea ?

Maybe I got it. I read the manpage of slapd.access :

"Using the form attrs=<attr> val[/matchingRule][.<attrstyle>]=<attrval>
specifies access to a particular value of a single attribute. *In this
case, only a single attribute type may be given*. [...]"

So, I tried with the single-value configContext attribute, and it works!
So, I can not apply this rule on namingContexts because it contains
multiple values ?

Thomas.

-- 
Thomas Chemineau
Groupe LINAGORA - http://www.linagora.com
Tél.: +33(0)1 58 18 68 28 - Fax : +33(0)1 58 18 68 29

Prev by Date: Re: How to hide namingContext in rootDSE ?
Next by Date: LDAP recovery question...
Index(es):
- Chronological
- Thread