openldap search acl

Posted by Patrick on Server Fault See other posts from Server Fault or by Patrick
Published on 2012-04-16T04:11:57Z Indexed on 2012/04/16 5:33 UTC
Read the original article Hit count: 492

Filed under:

openldap

|

acl

I'm trying to write an access control for OpenLDAP to allow a user to search with a certain base dn, but only get results back from certain sub dn's. I've played with lots of different rules but cant get it to work. I'm not sure its even possible.

For example:
I have the user with the dn uid=testuser,ou=people,dc=example,dc=com. I want this user to be able to search with a base of dc=example,dc=com and get back entries in ou=people,dc=example,dc=com. There are lots of other sub OUs under dc=example,dc=com, but only entries in ou=people should be returned (for bonus, I'd only like certain attributes to be returned as well).

Can this be done?

© Server Fault or respective owner

Related posts about openldap

Can't install new database in OpenLDAP 2.4 with BDB on Debian

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install an openldap server (slapd) on a Debian EC2 instance. I have followed all the instructions I can find, and am using the recommended slapd-config approach to configuration. It all seems to be just fine, except that for some reason it can't create my new database. ldap.conf.bak… >>> More
Installing openLDAP

as seen on Server Fault - Search for 'Server Fault'
I have followed installing openLDAP from http://www.openldap.org/doc/admin24/quickstart.html and follow the tasks up to # 9. when I run [ su root -c /usr/local/libexec/slapd ] it asks for password and after I type the password no indication of if server has been started or not. When I run [ ldapsearch… >>> More
Create Active Directory schema into OpenLDAP

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Friends, I need to store Active Directory Data into OpenLDAP and for that I want to create the Active Directory schema into OpenLDAP. How to do it? >>> More
OpenLDAP on windows

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Friends, I am looking for some way of implementing OpenLDAP on WindowsXP. Is this possible? If Yes thn please tell me how? >>> More
OpenLDAP and user role based accedss controll (RBAC)

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, my company uses an openldap server which stores corporate user information ((username,passwd and some other information like email are stored in ldap).. Till now they only use it for authentication but now we'd like to use for authentication also, this means that we'll create roles (as ldap… >>> More

Related posts about acl

Difference between array('Acl' => array('type' => 'requester')) and array('Acl' => 'requester') in C

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm following the ACL tutorial for CakePHP 1.3 and I was wondering if there is a functional difference between declaring a behavior like this: var $actsAs = array('Acl' => 'requester'); and like this: var $actsAs = array('Acl' => array('type' => 'requester')); >>> More
Squid + Dans Guardian (simple configuration)

as seen on Server Fault - Search for 'Server Fault'
I just built a new proxy server and compiled the latest versions of squid and dansguardian. We use basic authentication to select what users are allowed outside of our network. It seems squid is working just fine and accepts my username and password and lets me out. But if i connect to dans guardian… >>> More
Squid configuration for proxy server

as seen on Server Fault - Search for 'Server Fault'
I have a server with 10 ip's that I want to give access to some friends via authentication but I'm stuck on squid's config file. Let's say I have these ip's available on my server: 212.77.23.10 212.77.1.10 68.44.82.112 And I want to allocate each one of them to a different user like so: 212.77… >>> More
Unable to get squid working for remote users

as seen on Server Fault - Search for 'Server Fault'
I am trying to setup squid 3.2.4, but I have not been able to get it working for remote users. Works fine locally. Unable to figure out what I am doing wrong... http_port 3128 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/share/ssl-cert/myCA.pem refresh_pattern… >>> More
video and file caching with squid lusca?

as seen on Super User - Search for 'Super User'
hello all i have configured squid lusca on ubuntu 11.04 version and also configured the video caching but the problem is the squid cannot configure the video more than 2 min long and the file of size upto 5.xx mbs only. here is my config please guide me how can i cache the long videos and files with… >>> More