[Date Prev][Date Next] [Chronological] [Thread] [Top]

restrict wildcard searches

To: openldap-technical@openldap.org
Subject: restrict wildcard searches
From: Geert Hendrickx <geert@hendrickx.be>
Date: Tue, 14 Nov 2017 12:31:42 +0100
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=hendrickx.be; s=geert; t=1510659102; bh=3xgR2JIBIGn+B0t4o6ZwDQLMGfxxnYfvE2sKRF62CyY=; h=Date:From:To:Subject; b=xE/pWgMhfDsHAR70PmviCPtTV6lpv95/8KgE+q5U9U7oChghnr2eosFH8awxkegro Tn5XFMYlWLKpWxFihS4Fj1RziCc6iNEByx8oTbbGa44jGt+XxYPNB6B3r9gEs+GJ2V ywGtOzS+AJPtdcmr2nJ9obXdGBvtHbfV7Z2V1VejiVpKvDBtQc8VPCNBPfsKaJDgH0 2aw2oz/GvT4HYmQGj5nXZ0kSIGJ13pZbuChexXGGJzybaDM4Kp2aMnmF05eWwLYDs9 YRqw1WQqrAXLoLoPo6YMHudwqqfvudnrY4+rPEHFgYpEShtzvFgDj6SnuWFXWfMXGE BGGwD5B+w64KQ==
User-agent: Mutt/1.9.1 (2017-09-22)

Hi,

Is there a way to restrict (acl?) searches using wildcards?

For compliancly reasons, I want to allow certain (actually most) users to
search on eg. known email addresses, like: mail=user@example.org, but not
to retrieve a list of all users, like mail=*@example.org.

Sizelimit restriction is not enough, because they could still iteratively
retrieve everything, without launching an actual dictionary attack on all
possible mail addresses, which would be much harder.


	Geert


-- 
geert.hendrickx.be :: geert@hendrickx.be :: PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!

Follow-Ups:
- Re: restrict wildcard searches
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Efficient way to count number of entries in a database?
Next by Date: Re: restrict wildcard searches
Index(es):
- Chronological
- Thread