On Mon, Nov 14, 2011 at 1:37 PM, sim123 <Sim3159@gmail.com> wrote:
Hi All,

I am playing with access controls on OpenLDAP 2.4.26. I have a user with search access on everything:

access to *
        by anonymous auth
        by dn="uid=102,ou=system,dc=example,dc=com" search

And when I perform a search I get nothing:

ldapsearch -H "ldap://testldap:389" -D "uid=102,ou=system,dc=example,dc=com" -b "ou=users,dc=example,dc=com" -x -W '(uid=1)' mail cn dn

Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <ou=users,dc=example,dc=com> with scope subtree
# filter: (uid=1)
# requesting: mail cn dn 
#

# search result
search: 2
result: 0 Success

# numResponses: 1

So I get a success but no value. Is it a valid response? I want to control access so that the "uid=102" user can do a lookup from given attributes but cannot do (objectClass=*) to get a list of every entry in the LDAP.

Thanks for the help

Another way of stating my problem: I want to control query filters on the server side so the user with "uid=102" can only query using the filter (uid=.+); all other filters should be restricted. I tried this regular expression but am getting a "no such object" error.

Thanks