[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: eliminating anonymous filter: mail=*

To: Charles Rouzer <vitalit@earthlink.net>
Subject: Re: eliminating anonymous filter: mail=*
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 15 Feb 2000 09:41:09 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <38A928B4.ACF5CC8A@earthlink.net>

At 05:21 AM 2/15/00 -0500, Charles Rouzer wrote:
>Just curious if anyone has a successful way of eliminating a wildcard
>search of the mail attribute.

Access is denied to targets of operations, not by parameters of
the operations.

>I want to allow specific searches (this
>would be a compare, no?

No, compare access to targets is required by the compare operation.
The search operation requires search access to apply the filter.
Matched results are returned only if they pass read access checks.

>if so how do I allow reading of the entry if
>the compare is successful).

read implies search.  If you allow the attribute to be returned
(read), you allow for it to be searched.

>Below is my broken slapd.conf:  

Please see archives for numerous examples and dicussions.

References:
- eliminating anonymous filter: mail=*
  - From: Charles Rouzer <vitalit@earthlink.net>

Prev by Date: RE: OpenLDAP & JAVA
Next by Date: Re: Memory usage question
Index(es):
- Chronological
- Thread