[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Hiding userPassword and other attributes from anonymous LDAPclients (such as Eudora)

To: OpenLDAP-Software <openldap-software@OpenLDAP.org>
Subject: Re: Hiding userPassword and other attributes from anonymous LDAPclients (such as Eudora)
From: German Poo Caaman~o <gpoo@ubiobio.cl>
Date: Fri, 13 Oct 2000 12:14:35 -0400 (CLT)
In-reply-to: <3.0.3.32.20001013083741.009d3830@nceas.nceas.ucsb.edu>

On Fri, 13 Oct 2000, Rudolf Nottrott, NCEAS wrote:
> Thanks Patrick, for your examples.  
> 
> I did a lot of experimenting yesterday and found that the following works
> for hiding the password, although I still don't really understand how:
> 
> defaultaccess read
> access to attr=userPassword
>     by * search
> 
> access to * by self write
> 
> Taken as plain English, "access to attr=userPassword" suggests the opposite
> of hiding to me, but it hides the password alright.

access to attr=userpassword
    by self         write
    by *            compare

Means:  Access to user to write (implies read) and 
access for the others only compare.

-- 
German Poo Caaman~o
mailto:gpoo@ubiobio.cl
http://www.ubiobio.cl/~gpoo/chilelindo.html

References:
- Re: Hiding userPassword and other attributes from anonymous LDAPclients (such as Eudora)
  - From: "Rudolf Nottrott, NCEAS" <nottrott@nceas.ucsb.edu>

Prev by Date: Re: Hiding userPassword and other attributes from anonymous LDAPclients (such as Eudora)
Next by Date: Re: DSE Root/first entry
Index(es):
- Chronological
- Thread