[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Readable but not searchable?

To: Daniel Henninger <daniel@ncsu.edu>
Subject: Re: Readable but not searchable?
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Fri, 25 Jun 2004 21:43:37 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.GSO.4.58.0406251531340.11810@ghidora.unity.ncsu.edu>
References: <Pine.GSO.4.58.0406242309320.22742@ghidora.unity.ncsu.edu> <HBF.20040625r4qr@bombur.uio.no> <Pine.GSO.4.58.0406251531340.11810@ghidora.unity.ncsu.edu>

Daniel Henninger writes:
> =r access, then I was never able to find anything.  Maybe I was searching
> incorrectly?  If you had your access rule set up like this, and went to
> use ldapsearch, what would you enter?

Sorry, I should have mentioned that.

ldapseach -b 'printer-name=foo,ou=private,ou=printers,dc=ncsu,dc=edu' \
          -s base "(&)"

"(&)" is the True filter - it matches anything.

> I tried something like:
> ldapsearch -b 'ou=private,ou=printers,dc=ncsu,dc=edu' '(printer-name=foo)'
> but had no luck

Because you did search for printer-name, which is disabled by the
access controls.

The access controls I mentioned should even prohibit "(objectClass=*)".
If your clients use that as the 'anything' filter, you need something like

  access to dn.subtree=ou=private,ou=printers,dc=ncsu,dc=edu
            attrs=objectClass by * =rcs

before the other access statement.

>>   access to dn.subtree=ou=private,ou=printers,dc=ncsu,dc=edu by * =r

-- 
Hallvard

References:
- Readable but not searchable?
  - From: Daniel Henninger <daniel@unity.ncsu.edu>
- Re: Readable but not searchable?
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: Readable but not searchable?
  - From: Daniel Henninger <daniel@unity.ncsu.edu>

Prev by Date: Re: Readable but not searchable?
Next by Date: Re: Readable but not searchable?
Index(es):
- Chronological
- Thread