Re: Disallowing Wildcard Searches ?
<quote who="Jerry Nicholls">
Basically I want a setup (a simple contacts list) where if you
aren't an authenticated user you cannot do a search using a filter
"(mail=*)". You can only perform explicit searches.
while i am new to LDAP, it seems you could set a default
ACL of deny to all unless authenticated, then individually
add ACLs for each of the fields and give it anonymous
i haven't tried it, but it sounds like a good idea, i will
probably play with it today and see if i can get it
if it does work, then i know more about ldap and openldap
than i had thought! wow. only been using it for a couple
In HEAD code and in the forthcoming 2.1 alpha there's support
for granular check of the number of entries that are returned/handled;
in detail, you can set these limits based on the dn that initiated
the request (with subtree, regex and more matching clauses). The limits
can affect: the number of entries that are returned, the duration of
the operation, and (this is probably what you need) the number
of candidates that are checked (filter/acl) before returning.
By setting this limit to a reasonable value for non-authenticated
users you can obtain the filtering you need.
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:email@example.com
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati
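
An added illustration, not part of the original message and not slapd code: a toy Python model of the candidate limit described in the reply above, showing why a low limit for anonymous binds refuses `(mail=*)` but still answers explicit searches. In released OpenLDAP this is the `size.unchecked` limit of the `limits` directive in slapd.conf(5); the directory contents, the identities and the limit of 10 are assumptions constructed for the example.

```python
from fnmatch import fnmatchcase

# Constructed sample directory: 200 contact entries with one "mail" value each.
ENTRIES = {
    f"uid=user{i},ou=people,dc=example,dc=com": f"user{i}@example.com"
    for i in range(200)
}

# Equality index on mail: value -> set of DNs (what an "eq" index provides).
EQ_INDEX = {}
for dn, mail in ENTRIES.items():
    EQ_INDEX.setdefault(mail, set()).add(dn)

# Hypothetical per-identity candidate limits; None means unlimited.
UNCHECKED_LIMIT = {"anonymous": 10, "authenticated": None}


class UnwillingToPerform(Exception):
    """Models the refusal returned when the candidate set is too large."""


def candidates(value):
    """Candidate DNs selected for the filter (mail=<value>) before any
    entry is tested against the filter or the ACLs."""
    if "*" in value:
        # Presence or substring filter: in this model no index narrows it,
        # so every entry becomes a candidate.
        return set(ENTRIES)
    return set(EQ_INDEX.get(value, ()))


def search(identity, value):
    """Run (mail=<value>) as `identity`, enforcing the candidate limit first."""
    cands = candidates(value)
    limit = UNCHECKED_LIMIT[identity]
    if limit is not None and len(cands) > limit:
        # Refused before a single entry is examined or returned.
        raise UnwillingToPerform(f"{len(cands)} candidates > limit {limit}")
    return sorted(dn for dn in cands if fnmatchcase(ENTRIES[dn], value))


if __name__ == "__main__":
    print(search("anonymous", "user7@example.com"))
    for who in ("anonymous", "authenticated"):
        try:
            print(who, len(search(who, "*")), "entries")
        except UnwillingToPerform as exc:
            print(who, "refused:", exc)
```

The limit acts on the size of the candidate set, so it only separates explicit from wildcard searches when the searched attribute has an equality index; without one, an explicit search also produces a large candidate set and is refused.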