[Date Prev][Date Next]
Validate search base dn against bind dn?
Has anyone had success with using a slapd shell backend to ensure
that search dn's are the same as bind dn's? (i.e. if a user binds with
"cn=user,dc=address,dc=book", is there a way to make sure that the user
will only be able to search with a search dn like
"cn=user,dc=address,dc=book"). The goal is to ensure that users who
successfully login can't access each other's account information (i.e.
both "cn=bob" and "cn=joe" can bind successfully, but bob should not be
able to use "cn=joe" as his search base dn). Any advice would be
greatly appreciated. Thanks!