Hi,
I have an OpenLDAP to AD proxy up and running, and want to restrict the data being returned when a search has completed.
For example if I search for cn=abc1 I get a full response of all data held in our AD for that CN, ie:
    filter: (cn=abc1)
    dn: cn=abc1......
    displayName: Andrew Bertram Carlisle
    objectClass: person
    mail: abc1@mydomain.com
    MEMBEROF: OU=.......
    homeDirectory: \fileserver1.myad.mydomain.com\abc1
    . . .
Naturally I want to be able to limit the data that is returned to the barest minimum required for the querying service.
I looked at the rwm overlay (slapo-rwm) and think I should be able to do:
    overlay rwm
    rwm-rewriteEngine on
    rwm-map attribute displayName displayName
    rwm-map attribute *
So that ONLY the displayName gets shown on the output and the rest of the data is filtered out.
This does not seem to be working though and I am at the point where I have no idea why. Does anyone have any suggestions that may help?
Thanks
Paul
Hi,
Please ignore my question, I have it sussed.
I needed to put the rwm config after ldap-back (which I did) but BEFORE the ACLs; things are now working as expected.
Thanks
Paul
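An added example, not part of the thread and not OpenLDAP code: a simplified Python model of the `rwm-map attribute` rules documented in slapo-rwm(5), applied to the sample entry from the first message. It shows why the mapping line needs the catch-all `rwm-map attribute *` line after it; the function names are hypothetical, and DN rewriting and objectClass maps are not modelled.

```python
# Simplified model of slapo-rwm(5) attribute maps; function names are hypothetical.
def parse_rwm_maps(config):
    """Return (renames, drop_unmapped) from slapd.conf-style text."""
    renames, drop_unmapped = {}, False
    for line in config.splitlines():
        words = line.split("#", 1)[0].split()
        if [w.lower() for w in words[:2]] != ["rwm-map", "attribute"]:
            continue
        args = words[2:]
        if args == ["*"]:              # local name omitted, foreign "*":
            drop_unmapped = True       # unmapped attributes are removed
        elif args == ["*", "*"]:       # both "*": unmapped attributes are kept
            drop_unmapped = False
        elif len(args) == 1:           # local name omitted: attribute removed
            renames[args[0].lower()] = None
        elif len(args) == 2:           # <local> <foreign>; "*" keeps the name
            local, foreign = args
            renames[foreign.lower()] = foreign if local == "*" else local
    return renames, drop_unmapped


def mask_entry(entry, config):
    """Apply the maps to one search-result entry (dict of attr -> values)."""
    renames, drop_unmapped = parse_rwm_maps(config)
    masked = {}
    for name, values in entry.items():
        key = name.lower()             # LDAP attribute names are case-insensitive
        if key in renames:
            if renames[key] is not None:
                masked[renames[key]] = values
        elif not drop_unmapped:
            masked[name] = values
    return masked


# Entry built from the sample output in the thread (elisions kept as posted).
ENTRY = {
    "displayName": ["Andrew Bertram Carlisle"],
    "objectClass": ["person"],
    "mail": ["abc1@mydomain.com"],
    "MEMBEROF": ["OU=......."],
    "homeDirectory": [r"\fileserver1.myad.mydomain.com\abc1"],
}
THREAD_CONFIG = """overlay rwm
rwm-rewriteEngine on
rwm-map attribute displayName displayName
rwm-map attribute *
"""
RENAME_ONLY = "overlay rwm\nrwm-map attribute displayName displayName\n"

if __name__ == "__main__":
    print(mask_entry(ENTRY, THREAD_CONFIG))       # only displayName survives
    print(sorted(mask_entry(ENTRY, RENAME_ONLY)))  # every attribute still returned
```

With the mapping line alone nothing is hidden, because unmapped attributes pass through by default; the masking comes from the catch-all rule.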
-----Original Message-----
From: paul.osborne@canterbury.ac.uk [mailto:paul.osborne@canterbury.ac.uk]
Sent: 09 May 2011 10:46
To: openldap-technical@openldap.org
Subject: masking LDAP search responses
Which values are returned is part of the ldap query. Play around with ldapsearch. I suspect there's an easier answer available.
- chris
Chris Jacobs, Systems Administrator, Technology Services Group Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. 2001 6th Ave | Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: chris.jacobs@apollogrp.edu
----- Original Message -----
From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org
To: openldap-technical@openldap.org openldap-technical@openldap.org
Sent: Mon May 09 06:14:12 2011
Subject: RE: masking LDAP search responses