[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Q: How to prevent substring searches on "uid" attribute

Frank Swasey writes:
> I have not been able to determine (short of possibly redefining the
> attribute) how to prevent people from being able to do substring
> searches for the uid.

If there is some you can use I can't find it.  But there is one
dirty way: Remove 'SUBSTR caseIgnoreSubstringsMatch' from the 'uid'
description in etc/openldap/schema/core.schema.  You may regret that
if you later forget that you did it and use uid differently, though.

A cleaner way is to make your own attribute without a SUBSTR
matchingrule and use that instead of uid.