With a relay backend, when I enable an ACL then I can only get back full
entries, but not specific attributes:
# extended LDIF
#
# LDAPv3
# base <dc=thunderbird> with scope subtree
# filter: uid=dmarkey
# requesting: ALL
#

# dmarkey, user, thunderbird
dn: uid=dmarkey,ou=user,dc=thunderbird
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: sambaSamAccount
sn: Markey
givenName: David
uid: dmarkey
mail: dmar...@xxxx
cn: David Markey Staff

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
That's normal. Now we'll try to just get the mail attribute:
Robinson:/opt/openldap/etc/openldap # ldapsearch -b dc=thunderbird -x uid=dmarkey mail
# extended LDIF
#
# LDAPv3
# base <dc=thunderbird> with scope subtree
# filter: uid=dmarkey
# requesting: mail
#

# search result
search: 2
result: 0 Success

# numResponses: 1
Nothing is returned.
Here is the relay database definition:
database relay
suffix "dc=thunderbird"
relay "dc=example,dc=ie"
overlay rwm
overlay memberof
rwm-rewriteEngine on
rwm-suffixmassage "dc=example,dc=ie"
map attribute cn gecos
map attribute mail *
map attribute uid *
map attribute sn *
map attribute givenname *
map attribute memberof *
map attribute *
access to filter="memberOf=cn=staff,ou=groupofnames,dc=thunderbird"
    by * read
Anyone see what I'm doing wrong here?
Thanks.