Re: LDAP search issue.

On Mon, Nov 20, 2006 at 11:00:46AM +0200, G?khan wrote:
> Hello;
> I have a question on LDAP search issue.
> I want to disable full search on the LDAP tree.
> Eg:
> My LDAP Tree is:
> c=US, o=Dept1, cn=John Smith
> c=US, o=Dept1, cn=Ann Adams
> I want to deny to read full listing of the tree but only allow when the
> search condition meets only the required person.
> In the example above I want nobody to be listed. But when the search
> criteria is "c=US, o=Dept1, cn=Ann Adams"  this entry must be listed. When a
> search on "c=US" comes, nothing must be listed.
> What is the correct Access Control Information for this request?

Something like:
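# DNs are quoted and written leaf-first, as slapd.conf expects
access to dn.children="o=Dept1,c=US" by * read
access to dn.children="o=Dept2,c=US" by * read
# "none" is the access level that denies all access
access to dn.sub="c=US" by * none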

It's just an untested idea.
For details read slapd.access(5) about dnstyle.

Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.208 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com
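
How slapd selects a rule for each entry under the ACL suggested above, as an added example that is not part of the original message and is not OpenLDAP code. It models only the first-match rule selection and the dn.children / dn.sub scopes documented in slapd.access(5); the DNs are constructed from the thread's tree and written leaf-first, and the last rule's level is written as "none".

```python
# Added illustration: a small model of slapd's first-match <what> selection.
# It does not evaluate <who> clauses, attributes, filters or search bases.

def normalize(dn):
    """Lower-case a DN and strip spaces around RDN separators.
    Escaped commas inside values are not handled in this sketch."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def matches(style, pattern, dn):
    dn, pattern = normalize(dn), normalize(pattern)
    below = dn.endswith("," + pattern)
    if style == "base":        # exactly the named entry
        return dn == pattern
    if style == "children":    # everything below the entry, not the entry itself
        return below
    if style == "sub":         # the entry and everything below it
        return dn == pattern or below
    raise ValueError("unknown dnstyle: " + style)

def access_for(acl, dn):
    """Return the level of the first rule whose <what> matches the DN."""
    for style, pattern, level in acl:
        if matches(style, pattern, dn):
            return level
    return "none"  # implicit final rule once any access directive exists

# The three directives from the reply, in the order given.
ACL = [
    ("children", "o=Dept1,c=US", "read"),
    ("children", "o=Dept2,c=US", "read"),
    ("sub", "c=US", "none"),
]

if __name__ == "__main__":
    # Constructed sample DNs based on the tree in the question.
    for dn in ("cn=Ann Adams,o=Dept1,c=US", "cn=John Smith,o=Dept1,c=US",
               "o=Dept1,c=US", "c=US"):
        print(f"{dn:32} -> {access_for(ACL, dn)}")
    # Order matters: with the dn.sub rule first, nothing is readable.
    print(access_for(list(reversed(ACL)), "cn=Ann Adams,o=Dept1,c=US"))
```

The person entries resolve to read while o=Dept1,c=US and c=US themselves fall through to the dn.sub rule, which is why the order of the three directives has to be kept.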