[Date Prev][Date Next] [Chronological] [Thread] [Top]

hide namingcontexts

I am trying to lock down an openldap server (2.4.23). Using the FAQ I
have limited the user entries with:

{1)to attrs=userPassword by self =xw by anonymous auth
{2)to * by users read

However, I cannot figure out how to match the namingContexts attribute
with olcaccess to also prevent unauthenticated users from listing the
directories served. I have tried many variations of the following based
on search results:

to attrs=namingContexts by * none

to dn.exact="" attrs=namingContexts by * none

to dn.base="" attrs=namingContexts val/distinguishedNameMatch="dc=mydomain,dc=com" by * none

Can anyone help?