[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: hide namingcontexts

openldap@downhomelinux.com wrote:
> I am trying to lock down an openldap server (2.4.23). Using the FAQ I
> have limited the user entries with:
> {1)to attrs=userPassword by self =xw by anonymous auth
> {2)to * by users read
> However, I cannot figure out how to match the namingContexts attribute
> with olcaccess to also prevent unauthenticated users from listing the
> directories served. I have tried many variations of the following based
> on search results:
> to attrs=namingContexts by * none
> to dn.exact="" attrs=namingContexts by * none
> to dn.base="" attrs=namingContexts val/distinguishedNameMatch="dc=mydomain,dc=com" by * none

Since you're using back-config make sure that you add the ACLs to entry


Personally I think it does not make sense to lock down attribute
'namingContexts' including bound users though.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature