[Date Prev][Date Next] [Chronological] [Thread] [Top]

Validate search base dn against bind dn?

Has anyone had success with using a slapd shell backend to ensure that search dn's are the same as bind dn's? (i.e. if a user binds with "cn=user,dc=address,dc=book", is there a way to make sure that the user will only be able to search with a search dn like "cn=user,dc=address,dc=book"). The goal is to ensure that users who successfully login can't access each other's account information (i.e. both "cn=bob" and "cn=joe" can bind successfully, but bob should not be able to use "cn=joe" as his search base dn). Any advice would be greatly appreciated. Thanks!

-Alex Dorsk
Lux Scientiae