Re: masking LDAP search responses
Which values are returned is part of the ldap query. Play around with ldapsearch. I suspect there's an easier answer available.
Chris Jacobs, Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
2001 6th Ave | Ste 3200 | Seattle, WA 98121
phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661
----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: email@example.com <firstname.lastname@example.org>
Sent: Mon May 09 06:14:12 2011
Subject: RE: masking LDAP search responses
Please ignore my question, I have it sussed.
I needed to put the rwm config after ldap-back (which I did) but BEFORE
the ACLs, things are now working as expected.
> -----Original Message-----
> From: email@example.com
> Sent: 09 May 2011 10:46
> To: firstname.lastname@example.org
> Subject: masking LDAP search responses
> I have an OpenLDAP to AD proxy up and running, and want to restrict
> data being returned when a search has completed.
> For example if I search for cn=abc1 I get a full response of all data
> held in our AD for that CN, i.e.:
> filter: (cn=abc1)
> dn: cn=abc1......
> displayName: Andrew Bertram Carlisle
> objectClass: person
> mail: email@example.com
> MEMBEROF: OU=.......
> homeDirectory: \\fileserver1.myad.mydomain.com\abc1
> Naturally I want to be able to limit the data that is returned to the
> barest minimum required for the querying service.
> I looked at the rwm overlay (slapo-rwm) and think I should be able to
> overlay rwm
> rwm-rewriteEngine on
> rwm-map attribute displayName displayName
> rwm-map attribute *
> So that ONLY the displayName gets shown on the output and the rest of
> the data is filtered out.
> This does not seem to be working though and I am at the point where I
> have no idea why. Does anyone have any suggestions that may help?
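An added example, not part of the thread and not OpenLDAP code: a small Python check that a slapd.conf text follows the ordering reported above (overlay rwm inside the ldap database and ahead of the access rules) and keeps the catch-all `rwm-map attribute *` line. The two sample fragments, their suffix and URI, and the function name `check_rwm_order` are constructed for illustration.

```python
# Constructed slapd.conf fragments; suffix and URI are placeholders.
WORKING = """\
database ldap
suffix "dc=example,dc=com"
uri "ldap://ad.example.com"
overlay rwm
rwm-rewriteEngine on
rwm-map attribute displayName displayName
rwm-map attribute *
access to * by * read
"""

# Constructed counter-case: ACL ahead of the overlay, catch-all rule missing.
MISORDERED = """\
database ldap
suffix "dc=example,dc=com"
uri "ldap://ad.example.com"
access to * by * read
overlay rwm
rwm-map attribute displayName displayName
"""


def check_rwm_order(conf):
    """Return findings for every 'database ldap' section of a slapd.conf text."""
    secs = [{"backend": ""}]  # first entry collects global directives
    for n, line in enumerate(conf.splitlines(), 1):
        if not line.strip() or line[0] in "# \t":
            continue  # blank, comment, or continuation line
        tok = line.split()
        key, arg = tok[0].lower(), (tok[1].lower() if len(tok) > 1 else "")
        if key == "database":
            secs.append({"backend": arg})
        elif key == "overlay" and arg == "rwm":
            secs[-1].setdefault("rwm", n)
        elif key == "access":
            secs[-1].setdefault("acl", n)  # line of the first ACL only
        elif key == "rwm-map" and [t.lower() for t in tok[1:]] == ["attribute", "*"]:
            secs[-1]["catchall"] = True
    findings = []
    for s in (s for s in secs if s["backend"] == "ldap"):
        if "rwm" not in s:
            findings.append("ldap database has no rwm overlay")
        elif s.get("acl", s["rwm"]) < s["rwm"]:
            findings.append("access rule on line %d precedes overlay rwm on line %d" % (s["acl"], s["rwm"]))
        if "rwm" in s and not s.get("catchall"):
            findings.append("no 'rwm-map attribute *' rule to drop unmapped attributes")
    return findings
```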