[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
restrict wildcard searches
- To: openldap-technical@openldap.org
- Subject: restrict wildcard searches
- From: Geert Hendrickx <geert@hendrickx.be>
- Date: Tue, 14 Nov 2017 12:31:42 +0100
- Content-disposition: inline
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=hendrickx.be; s=geert; t=1510659102; bh=3xgR2JIBIGn+B0t4o6ZwDQLMGfxxnYfvE2sKRF62CyY=; h=Date:From:To:Subject; b=xE/pWgMhfDsHAR70PmviCPtTV6lpv95/8KgE+q5U9U7oChghnr2eosFH8awxkegro Tn5XFMYlWLKpWxFihS4Fj1RziCc6iNEByx8oTbbGa44jGt+XxYPNB6B3r9gEs+GJ2V ywGtOzS+AJPtdcmr2nJ9obXdGBvtHbfV7Z2V1VejiVpKvDBtQc8VPCNBPfsKaJDgH0 2aw2oz/GvT4HYmQGj5nXZ0kSIGJ13pZbuChexXGGJzybaDM4Kp2aMnmF05eWwLYDs9 YRqw1WQqrAXLoLoPo6YMHudwqqfvudnrY4+rPEHFgYpEShtzvFgDj6SnuWFXWfMXGE BGGwD5B+w64KQ==
- User-agent: Mutt/1.9.1 (2017-09-22)
Hi,
Is there a way to restrict (acl?) searches using wildcards?
For compliancly reasons, I want to allow certain (actually most) users to
search on eg. known email addresses, like: mail=user@example.org, but not
to retrieve a list of all users, like mail=*@example.org.
Sizelimit restriction is not enough, because they could still iteratively
retrieve everything, without launching an actual dictionary attack on all
possible mail addresses, which would be much harder.
Geert
--
geert.hendrickx.be :: geert@hendrickx.be :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!