Dan Ciarniello wrote:
I am trying to set up OpenLDAP to return all attributes for a given set of entries when accessed by an authenticated user, but only a subset of the attributes when accessed anonymously, but I can't figure out how to set up the ACL to do this.
As an example, I have a directory entry ou=People with a number of inetOrgPerson subentries. When accessed anonymously, I would like only the cn attribute of the entries to be returned. Is this possible? If so, how do I set it up?
# anyone can see the cn of inetOrgPersons
access to filter="(objectClass=inetOrgPerson)" attrs=cn
    by * read

# only users can see anything else of inetOrgPersons
access to filter="(objectClass=inetOrgPerson)"
    by users read
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
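The two clauses in the reply depend on slapd's first-match evaluation. The following is an added example, not code from the post or from OpenLDAP: a simplified Python model of that per-attribute matching, run over a constructed entry. The function names, the sample entry and the bind DN are assumptions, and the model does not cover the entry pseudo-attribute or the access checks slapd applies to attributes used in a search filter.

```python
# Simplified model of slapd ACL evaluation (illustrative sketch, not slapd code).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The two clauses from the reply, in order. attrs=None means "all attributes".
ACL = [
    {"object_class": "inetOrgPerson", "attrs": {"cn"}, "by": [("*", "read")]},
    {"object_class": "inetOrgPerson", "attrs": None, "by": [("users", "read")]},
]

def who_matches(who, bind_dn):
    """'*' matches everyone; 'users' matches only authenticated binds."""
    if who == "*":
        return True
    if who == "users":
        return bind_dn is not None
    if who == "anonymous":
        return bind_dn is None
    return False

def access_level(acl, entry, attr, bind_dn):
    """First matching 'access to' clause wins, then its first matching 'by'."""
    for clause in acl:
        if clause["object_class"] not in entry["objectClass"]:
            continue
        if clause["attrs"] is not None and attr.lower() not in clause["attrs"]:
            continue
        for who, level in clause["by"]:
            if who_matches(who, bind_dn):
                return level
        return "none"  # implicit trailing "by * none" on every clause
    return "none"      # implicit trailing "access to * by * none"

def visible_attrs(acl, entry, bind_dn):
    """Attributes of the entry for which the requester holds at least read."""
    need = LEVELS.index("read")
    return sorted(a for a in entry
                  if LEVELS.index(access_level(acl, entry, a, bind_dn)) >= need)

# Constructed sample entry and bind DN (hypothetical values).
ENTRY = {
    "objectClass": ["inetOrgPerson"],
    "cn": ["Jane Doe"],
    "sn": ["Doe"],
    "mail": ["jdoe@example.com"],
    "telephoneNumber": ["+1 555 0100"],
}
USER_DN = "uid=jdoe,ou=People,dc=example,dc=com"

if __name__ == "__main__":
    print("anonymous:    ", visible_attrs(ACL, ENTRY, None))
    print("authenticated:", visible_attrs(ACL, ENTRY, USER_DN))
    print("reversed/anon:", visible_attrs(list(reversed(ACL)), ENTRY, None))
```

With the clauses reversed, the broader clause matches cn first and the anonymous requester falls through to its implicit `by * none`, so the order shown in the reply matters.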