[Date Prev][Date Next] [Chronological] [Thread] [Top]

masking LDAP search responses


I have an OpenLDAP to AD proxy up and running, and want to restrict the
data being returned when a search has completed.

For example if I search for cn=abc1 I get a full response of all data
held in our AD for that CN, ie:

filter: (cn=abc1)
dn: cn=abc1......
displayName: Andrew Bertram Carlisle
objectClass: person
mail:  abc1@mydomain.com
MEMBEROF: OU=.......
homeDirectory: \\fileserver1.myad.mydomain.com\abc1

Naturally I want to be able to limit the data that is returned to the
barest minimum required for the querying service.

I looked at the rwm overlay (slapo-rwm) and think I should be able to

overlay rwm
rwm-rewriteEngine on
rwm-map attribute       displayName             displayName
rwm-map attribute       *

So that ONLY the displayName gets shown on the output and the rest of
the data is filtered out.

This does not seem to be working though and I am at the point where I
have no idea why.  Does anyone have any suggestions that may help?