Hiding userPassword and other attributes from anonymous LDAP clients (such as Eudora)


I'm just getting into LDAP access control and I apologize if the answer to
my question is obvious to most of you.

I am trying to prevent anonymous LDAP client programs, such as Eudora, from
seeing certain attributes.  (Most importantly I don't want the userPassword
attribute to be seen.)  I'm guessing that this is done with the
defaultaccess control in slapd.conf, but haven't found any simple
explanation of the details of defaultaccess usage.   

Can defaultaccess be used to hide certain attributes from anonymous clients
such as Eudora?  If not, how can it be done?

Could you point me to a good explanation of the workings of
'defaultaccess', perhaps a tutorial of some kind?

Thanks for your help.

Rudolf Nottrott
UCSB Santa Barbara