31 Mar
2014
31 Mar
'14
5:33 a.m.
On Mon, 2014-03-31 at 12:57 +0200, Jonas Kellens wrote:
On 31-03-14 12:52, Hallvard Breien Furuseth wrote:
(...) So you get what you're specifying: No access to baseDN of your search. Append something like this to access list:
access to * by * search
won't this statement give access to everything and everyone ? Because if it does, this is not what I want.
Yes - search but not read access, to everything not covered by previous access statements. So people can search for '(sn=Kell*) and discover that you exist, but not read your attributes.
By all means replace it with a more restrictive statement. To see what, read man slapd.access section OPERATION REQUIREMENTS.