Re: How to hide namingContext in rootDSE ?

Friday, 19 December 2008

...
>> 2/ How can I hide my transitional LDAP suffix in the rootDSE
? 
[...]

...
 8<--------
 access to dn.exact=""
   attrs=namingContexts val/distinguishedNameMatch="o=example transitional"
   by * none
 access to dn.base="" by * read
 8<--------

 The first should match when namingContexts are listed. But it doesn't, I
 have read access on all values. I have inverted all ACLs, tried to apply
 different scopes or more restrictive rights with some break/continue
 controls, etc. 
[...]

...
 Any idea ? 
Maybe I got it. I read the manpage of slapd.access :

"Using the form attrs=<attr>
val[/matchingRule][.<attrstyle>]=<attrval>
specifies access to a particular value of a single attribute. *In this
case, only a single attribute type may be given*. [...]"

So, I tried with the single-value configContext attribute, and it works!
So, I can not apply this rule on namingContexts because it contains
multiple values ?

Thomas.

-- 
Thomas Chemineau
Groupe LINAGORA - http://www.linagora.com
Tél.: +33(0)1 58 18 68 28 - Fax : +33(0)1 58 18 68 29

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006