Hi All,
I am playing with access controls on openldap 2.4.26, I have a user with search access on everything
access to *
by anonymous auth
by dn="uid=102,ou=system,dc=example,dc=com" search
And when I perform search I get nothing
ldapsearch -H "ldap://testldap:389" -D "uid=102,ou=system,dc=example,dc=com" -b "ou=users,dc=example,dc=com" -x -W '(uid=1)' mail cn dn
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=users,dc=example,dc=com> with scope subtree
# filter: (uid=1)
# requesting: mail cn dn
#
# search result
search: 2
result: 0 Success
# numResponses: 1
so I get a success but no value, is it a valid response? I want to control access so that the "uid=102" user can do lookup from given attributes but can not do (objectClass=*) to get a list of every entry in the ldap.
Thanks for the help
Other way of stating my problem is I want to control query filters on the server side so the user with "uid=102" can only do query using filter (uid=.+) , all other filters should be restricted. I tried this regular expression but getting no such object error.