-----Original Message----- From: Ralf Mattes [mailto:rm@mh-freiburg.de] Sent: Tuesday, May 19, 2015 8:46 AM To: Craig White Cc: openldap-technical@openldap.org Subject: RE: hiding a naming context
Am Dienstag, 19. Mai 2015 17:22 CEST, Craig White CWhite@skytouchtechnology.com schrieb:
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Tuesday, May 19, 2015 1:04 AM To: Craig White; openldap-technical@openldap.org Subject: Re: hiding a naming context
Craig White wrote:
Oh - and I put in just a single value in the ldif...
dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcAccess olcAccess: {0}to dn.exact="" attrs=namingContext
s/namingContext/namingContexts/
I see said the blind man - worked - thanks.
Now to determine if that actually hurts anything that I am doing otherwise.
Hmm - maybe I miss the obvious, but wasn't your initial goal "So our programmers want me to filter out ‘namingContexts: cn=accesslog’ for them (please don’t ask)"? Won't the above ACL block _all_ namingContexts attributes? ---- -----Original Message----- From: Ralf Mattes [mailto:rm@mh-freiburg.de] Sent: Tuesday, May 19, 2015 8:46 AM To: Craig White Cc: openldap-technical@openldap.org Subject: RE: hiding a naming context
Am Dienstag, 19. Mai 2015 17:22 CEST, Craig White CWhite@skytouchtechnology.com schrieb:
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Tuesday, May 19, 2015 1:04 AM To: Craig White; openldap-technical@openldap.org Subject: Re: hiding a naming context
Craig White wrote:
Oh - and I put in just a single value in the ldif...
dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcAccess olcAccess: {0}to dn.exact="" attrs=namingContext
s/namingContext/namingContexts/
I see said the blind man - worked - thanks.
Now to determine if that actually hurts anything that I am doing otherwise.
Hmm - maybe I miss the obvious, but wasn't your initial goal "So our programmers want me to filter out ‘namingContexts: cn=accesslog’ for them (please don’t ask)"? Won't the above ACL block _all_ namingContexts attributes?
Cheers, Ralf Mattes ---- I think Michael clipped an extra line
dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcAccess olcAccess: {0}to dn.exact="" attrs=namingContexts val/distinguishedNameMatch="cn=accesslog" by * none
but to your point - that indeed seems to be what happened - nothing returned in naming contexts at all...
# ldapsearch -x -H ldapi:/// -s base -b '' namingContext "*" + -D cn=admin,dc=domain,dc=com -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: (objectclass=*) # requesting: namingContext * + #
# search result search: 2 result: 0 Success
# numResponses: 1
We have had issues with outlook365 for a week now but I am leaving this message mostly unchanged. Is it possible to have an ACL that blocks ONLY one naming context and not everything?