
Re: masking LDAP search responses

Which values are returned is part of the LDAP query. Play around with ldapsearch. I suspect there's an easier answer available.

- chris

Chris Jacobs, Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
2001 6th Ave | Ste 3200 | Seattle, WA 98121
phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661
email:  chris.jacobs@apollogrp.edu

----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org <openldap-technical-bounces@OpenLDAP.org>
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Sent: Mon May 09 06:14:12 2011
Subject: RE: masking LDAP search responses


Please ignore my question, I have it sussed.

I needed to put the rwm config after ldap-back (which I did) but BEFORE
the ACLs, things are now working as expected.



> -----Original Message-----
> From: paul.osborne@canterbury.ac.uk
> [mailto:paul.osborne@canterbury.ac.uk]
> Sent: 09 May 2011 10:46
> To: openldap-technical@openldap.org
> Subject: masking LDAP search responses
> Hi,
>
> I have an OpenLDAP to AD proxy up and running, and want to restrict
> data being returned when a search has completed.
>
> For example if I search for cn=abc1 I get a full response of all data
> held in our AD for that CN, i.e.:
>
> filter: (cn=abc1)
> dn: cn=abc1......
> displayName: Andrew Bertram Carlisle
> objectClass: person
> mail:  abc1@mydomain.com
> MEMBEROF: OU=.......
> homeDirectory: \\fileserver1.myad.mydomain.com\abc1
> .
> .
> .
>
> Naturally I want to be able to limit the data that is returned to the
> barest minimum required for the querying service.
>
> I looked at the rwm overlay (slapo-rwm) and think I should be able to
> do:
>
> overlay rwm
> rwm-rewriteEngine on
> rwm-map attribute       displayName             displayName
> rwm-map attribute       *
>
> So that ONLY the displayName gets shown on the output and the rest of
> the data is filtered out.
>
> This does not seem to be working though and I am at the point where I
> have no idea why.  Does anyone have any suggestions that may help?
>
> Thanks
> Paul

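Added example, not part of the original thread: one way to confirm that the proxy really masks attributes is to run ldapsearch against it and check the LDIF output against an allowlist. The DNs and attribute values below are constructed samples, and the names ALLOWED, unfold and leaked_attributes are hypothetical helpers, not part of OpenLDAP.

```python
# Added example: allowlist check over ldapsearch LDIF output (not from the thread).
ALLOWED = {"displayName"}  # the only attribute the thread wants exposed

# Constructed sample of `ldapsearch -LLL` output from a proxy that is not masking yet.
SAMPLE_LDIF = """\
dn: cn=abc1,ou=people,dc=example,dc=com
displayName: Andrew Bertram Carlisle
objectClass: person
mail: abc1@mydomain.com
memberOf: OU=Staff,
 DC=example,DC=com
userCertificate;binary:: AAECAw==

dn: cn=abc2,ou=people,dc=example,dc=com
displayName: Another Person
"""


def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def leaked_attributes(ldif, allowed=ALLOWED):
    """Return {dn: sorted attribute names returned outside the allowlist}."""
    allowed = {a.lower() for a in allowed}
    leaks, dn = {}, None
    for line in unfold(ldif):
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        if line.startswith("#") or ":" not in line:
            continue
        desc, _, rest = line.partition(":")
        name = desc.split(";", 1)[0]  # drop options such as ;binary or ;range=0-1499
        if name.lower() == "dn":
            dn = rest.lstrip(":").strip()  # a base64 DN (dn::) is kept in encoded form
        elif dn is not None and name.lower() not in allowed:
            leaks.setdefault(dn, set()).add(name)
    return {d: sorted(names) for d, names in leaks.items()}


if __name__ == "__main__":
    for entry, names in leaked_attributes(SAMPLE_LDIF).items():
        print(f"{entry}: unexpected attributes {names}")
```

An empty result means every returned entry carried only allowlisted attributes; run the check with the same bind identity the querying service uses, since ACLs can change what is returned.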