ACI tips in OpenDS? I want to restrict attribute read access to bound dn only

Question

I want to deny read and search access to all attributes in my small ldap record except to ldap:///self

I tried

(targetattr="foo||bar||bat") (version 3.0; acl "deny-all"; deny (read, search, compare) userdn="ldap:///anyone";)

(targetattr="foo||bar||bat") (version 3.0; acl "allow-some"; allow (read, search, compare) userdn="ldap:///self";)

but this didn't work.

Any tips? Am I missing something?

thanks -Bill

score 1 · Answer 1 · answered Mar 24 '15 at 18:39

1

It turned out to be fairly straightforward:

(targetattr="foo||bar||bat") (version 3.0; acl "deny-all"; deny (read, search, compare) NOT userdn="ldap:///self";)

answered Mar 24 '15 at 18:39

Bill Spornitz

thank you, I was looking for this and it worked perfectly – Muhmmad Aziz Jun 28 '15 at 10:28

1 Answers1