[Date Prev][Date Next]
Re: LDAP search issue.
On Mon, Nov 20, 2006 at 11:00:46AM +0200, G?khan wrote:
> I have a question on LDAP search issue.
> I want to disable full search on the LDAP tree.
> My LDAP Tree is:
> c=US, o=Dept1, cn=John Smith
> c=US, o=Dept1, cn=Ann Adams
> I want to deny to read full listing of the tree but only allow when the
> search condition meets only the required person.
> In the example above I want nobody to be listed. But when the search
> criteria is "c=US, o=Dept1, cn=Ann Adams" this entry must be listed. When a
> search on "c=US" comes, nothing must be listed.
> What is the correct Access Control Information for this request??
access to dn.children=c=US, o=Dept1 by * read
access to dn.children=c=US, o=Dept2 by * read
access to dn.sub=c=US by * deny
It's just untested idea.
For details read slapd.access(5) about dnstyle
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.208 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com