[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACLQuestion

To: openldap-technical@openldap.org, wichmann-karl@web.de
Subject: ACLQuestion
From: Karl Heinz Wichmann <wichmann-karl@web.de>
Date: Mon, 01 Sep 2014 22:21:26 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.0

Hallo

I have a problem with acl. We have following sturctur.

dc=a,dc=b,dc=c
|
|-ou=ww-a
|
|-ou=ww-b
|
|-ou=ww-c
|
|-ou=ww-x
|
|-ou=system

In each ww-a,b,c...x have we users and groups.
In system we have system account (in groups and users)

When we search with an ldap client like thunderbird addressbook, theusers in system should not be visible.


I use follow rule didn't run:

olcAccess: {1}to filter="(objectclass=inetOrgperson)"attrs=entry,uid,sn,cn,mail,givenName bydn="cn=ad,ou=sys_ad,ou=people,dc=a,dc=b,dc=c" read by * none


the following rule, i found all users (incl. ad, admin and so on)

olcAccess: {1}to filter="(objectclass=*)"attrs=entry,uid,sn,cn,mail,givenName bydn="cn=ad,ou=system,dc=a,dc=b,dc=c" read by * none



I want to avoid regex when posible.

Karl Heinz

Prev by Date: OpenLdap Access Control
Next by Date: accesslog-based consumer stuck on objectClass modify on provider
Index(es):
- Chronological
- Thread