[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Limiting attributes through ACL

To: Dan Ciarniello <dciarniello@cityxpress.com>
Subject: Re: Limiting attributes through ACL
From: Pierangelo Masarati <ando@sys-net.it>
Date: Thu, 14 Jun 2007 21:27:38 +0200
Cc: openldap-software@openldap.org
In-reply-to: <46717A8F.6050506@cityxpress.com>
References: <46717A8F.6050506@cityxpress.com>
User-agent: Mail/News 1.5.0.8 (X11/20061210)

Dan Ciarniello wrote:
> I am trying to set up OpenLDAP to return all attributes for a given set
> of entries when accessed by an authenticated user but only a subset of
> the attributes when accessed anonymously but I can't figure out how to
> set up the ACL to do this.
> 
> As an example, I have a directory entry ou=People with a number of
> inetOrgPerson subentries.  When accessed anonymously, I would like only
> the cn attribute of the entries to be returned.  Is this possible?  If
> so, how do I set it up?

# anyone can see the cn of inetOrgPersons
access to filter="(objectClass=inetOrgPerson)" attrs=cn
	by * read

# only users can see anything else of inetOrgPersons
access to filter="(objectClass=inetOrgPerson)"
	by users read

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

References:
- Limiting attributes through ACL
  - From: Dan Ciarniello <dciarniello@cityxpress.com>

Prev by Date: Re: Roles
Next by Date: Re: Password change problem after adding ppolicy
Index(es):
- Chronological
- Thread