
Newbie access question



Hi,

All accounts, be they customers or employees, have the same base dn.

dn: "uid=*,dc=corvu,dc=com"

For Authentication clients, this seems easiest.  However, for ldapSearch
information, I don't want customers to be able to search.

The only difference between a customer and an employee is that an employee
has additional attributes to satisfy the needs of "posixAccount".

In a search, I can get only employees easily (using the cn=manager root
account).  I need to figure out how to express this in the slapd.conf
file.  Here's what I have so far, but I can't figure out the syntax to
filter for posixAccount.

access to attrs=userPassword
        by self write
        by dn=.*,ou=admin,dc=corvu,dc=com write
        by * auth

access to *
        by dn=uid=gvldap,dc=corvu,dc=com write
        by group=objectclass=posixAccount read

But, my posixAccounts still cannot pull attributes from search results. 
Any pointers appreciated.

Thank you,
Gary Allen
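
An added example, not part of the original message: the posted ACLs next to one way of granting read access only to requesters whose own entry is a posixAccount. It assumes an OpenLDAP slapd whose ACL syntax supports the dn.<style> forms and the "set" who-clause; the group DN in option 2 is hypothetical.

```conf
# Added example, not from the original post. Assumes an OpenLDAP slapd
# with dn.<style> and "set" support in its ACL syntax.

# Passwords: the owner and the admins may change them; everyone else may
# only use the value to authenticate (bind), never read it.
access to attrs=userPassword
        by self write
        by dn.children="ou=admin,dc=corvu,dc=com" write
        by * auth

# Before (from the post): "group=" takes the DN of a group entry and tests
# the bound DN against that entry's member attribute. It is not a filter on
# the requester's objectClass, so this line never matches an employee:
#       by group=objectclass=posixAccount read

# After, option 1: a "set" is evaluated against the bound user's own entry.
# Read is granted only when that entry has objectClass posixAccount.
# Clauses are tried in order and the first matching "by" decides, so
# customers (no posixAccount) fall through to "by * none".
access to *
        by dn.exact="uid=gvldap,dc=corvu,dc=com" write
        by set="user/objectClass & [posixAccount]" read
        by anonymous auth
        by * none

# After, option 2 (replace the "set" line with this one): keep an explicit
# group. cn=employees,ou=groups,dc=corvu,dc=com is a hypothetical
# groupOfNames entry that lists each employee DN in "member".
#       by group.exact="cn=employees,ou=groups,dc=corvu,dc=com" read
```

To check the result, bind once as a customer and once as an employee and run the same search; only the employee bind should get attributes back.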