[Date Prev][Date Next] [Chronological] [Thread] [Top]

hide namingcontexts

To: openldap-technical@openldap.org
Subject: hide namingcontexts
From: openldap@downhomelinux.com
Date: Fri, 22 Nov 2013 19:01:12 +0000
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=downhomelinux.com; s=default; t=1385146874; bh=qGJyzoLSUiTNayi3u4irdhYoysfMN5ZKcf/ck++wwnw=; h=Date:From:To:Subject; b=jvLMelOd0UDmSGmfmtcLYr3U69vdOzjRNOH+4T3qCQWCXTJSjPLFwuQgjoexUOkwP H385sCgLRceSauH6wD5LOrmYNYt1VTVxsZjELaVZRJ6sAi2DAgv8mMIKjqpWeb33M+ uAK1eNJ4Y+jvIq430zDY2pc7Q20BHmOPQodc2elE=
User-agent: Mutt/1.5.20 (2009-12-10)

I am trying to lock down an openldap server (2.4.23). Using the FAQ I
have limited the user entries with:

{1)to attrs=userPassword by self =xw by anonymous auth
{2)to * by users read

However, I cannot figure out how to match the namingContexts attribute
with olcaccess to also prevent unauthenticated users from listing the
directories served. I have tried many variations of the following based
on search results:

to attrs=namingContexts by * none

to dn.exact="" attrs=namingContexts by * none

to dn.base="" attrs=namingContexts val/distinguishedNameMatch="dc=mydomain,dc=com" by * none

Can anyone help?

Thanks

Follow-Ups:
- Re: hide namingcontexts
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: hide namingcontexts
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Openldap for proxy AD
Next by Date: Re: Q: "opjectClass: top" or not?
Index(es):
- Chronological
- Thread