[Date Prev][Date Next]
Re: Q: How to prevent substring searches on "uid" attribute
Frank Swasey writes:
> I have not been able to determine (short of possibly redefining the
> attribute) how to prevent people from being able to do substring
> searches for the uid.
If there is some you can use I can't find it. But there is one
dirty way: Remove 'SUBSTR caseIgnoreSubstringsMatch' from the 'uid'
description in etc/openldap/schema/core.schema. You may regret that
if you later forget that you did it and use uid differently, though.
A cleaner way is to make your own attribute without a SUBSTR
matchingrule and use that instead of uid.