Re: Limiting attributes through ACL

Dan Ciarniello wrote:
> I am trying to set up OpenLDAP to return all attributes for a given set
> of entries when accessed by an authenticated user but only a subset of
> the attributes when accessed anonymously but I can't figure out how to
> set up the ACL to do this.
> As an example, I have a directory entry ou=People with a number of
> inetOrgPerson subentries.  When accessed anonymously, I would like only
> the cn attribute of the entries to be returned.  Is this possible?  If
> so, how do I set it up?

# anyone can see the cn of inetOrgPersons
access to filter="(objectClass=inetOrgPerson)" attrs=cn
	by * read

# only users can see anything else of inetOrgPersons
access to filter="(objectClass=inetOrgPerson)"
	by users read


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
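
Added example (not part of the original message, and not OpenLDAP code): a simplified Python model of how slapd evaluates the two rules above, taking the first matching "access to" clause and then the first matching "by" clause, to show why the narrower attrs=cn rule has to come first. The sample entries, the bind DN and all function names are constructed for illustration, and only per-attribute value access is modelled.

```python
# Simplified model of slapd first-match ACL evaluation (illustrative only).
# Rule = (objectClass required by the filter, attrs set or None for "all",
#         ordered list of (who, level) "by" clauses)
PAGE_ACL = [
    ("inetOrgPerson", {"cn"}, [("*", "read")]),      # anyone can read cn
    ("inetOrgPerson", None,   [("users", "read")]),  # bound users read the rest
]
REVERSED = list(reversed(PAGE_ACL))  # same rules, broad rule first


def who_matches(who, bound_dn):
    """'*' matches everyone, 'users' only authenticated binds."""
    if who == "*":
        return True
    if who == "users":
        return bound_dn is not None
    if who == "anonymous":
        return bound_dn is None
    return False


def access(acl, entry, attr, bound_dn):
    """Access level granted to bound_dn (None = anonymous) for one attribute."""
    for object_class, attrs, by_clauses in acl:
        if object_class not in entry["objectClass"]:
            continue  # filter= does not select this entry
        if attrs is not None and attr.lower() not in attrs:
            continue  # attrs= does not cover this attribute
        # The first matching "access to" clause decides; later rules are ignored.
        for who, level in by_clauses:
            if who_matches(who, bound_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit trailing "access to * by * none"


def visible(acl, entry, bound_dn):
    """Sorted attribute names the requester gets read access to."""
    return sorted(a for a in entry if access(acl, entry, a, bound_dn) == "read")


# Constructed sample data
USER_DN = "uid=alice,ou=People,dc=example,dc=com"
PERSON = {"objectClass": ["inetOrgPerson"], "cn": ["Jane Doe"],
          "sn": ["Doe"], "mail": ["jane@example.com"]}
OU = {"objectClass": ["organizationalUnit"], "ou": ["People"]}

if __name__ == "__main__":
    print("anonymous    :", visible(PAGE_ACL, PERSON, None))
    print("authenticated:", visible(PAGE_ACL, PERSON, USER_DN))
    print("reversed/anon:", visible(REVERSED, PERSON, None))
```

With the rules reversed, the broad rule matches cn first and its implicit "by * none" denies the anonymous request, so rule order is part of the policy. Entries that neither filter selects (the ou=People container here) fall through to the implicit deny for every requester.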