[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL's - read but not search?

To: openldap-software@OpenLDAP.org
Subject: ACL's - read but not search?
From: Matt Richard <matt.richard@fandm.edu>
Date: Mon, 27 Oct 2003 08:53:36 -0400

Hi,

I want to create a set of ACL's that will allow users to view certain attributes, but not search on those attributes. The biggest example is phone numbers. I want to allow users to look up the phone number for a person, but not look up the person for that phone number.

For a single ACL, if I permit a specific action, I also permit all actions actions above it also. For example, read access implies search access, and write access implies both read and search access.

http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control

Does anyone know of a way to allow read access on an attribute, without search access on that same attribute?

Thanks,

Matt

--
Matt Richard
Access and Security Coordinator
Franklin & Marshall College
matt.richard@fandm.edu

Prev by Date: webmin ldap error
Next by Date: Re: ldapsearch query.
Index(es):
- Chronological
- Thread