Which values are returned is part of the ldap query. Play around with ldapsearch. I suspect there's an easier answer available.
- chris Chris Jacobs, Systems Administrator, Technology Services Group Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. 2001 6th Ave | Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: [email protected] ----- Original Message ----- From: [email protected] <[email protected]> To: [email protected] <[email protected]> Sent: Mon May 09 06:14:12 2011 Subject: RE: masking LDAP search responses Hi, Please ignore my question, I have it sussed. I needed to put the rwm config after ldap-back (which I did) but BEFORE the ACLs, things are now working as expected. Thanks Paul > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > Sent: 09 May 2011 10:46 > To: [email protected] > Subject: masking LDAP search responses > > Hi, > > I have an OpenLDAP to AD proxy up and running, and want to restrict the > data being returned when a search has completed. > > For example if I search for cn=abc1 I get a full response of all data > held in our AD for that CN, ie: > > filter: (cn=abc1) > dn: cn=abc1...... > displayName: Andrew Bertram Carlisle > objectClass: person > mail: [email protected] > MEMBEROF: OU=....... > homeDirectory: \\fileserver1.myad.mydomain.com\abc1 > . > . > . > > Naturally I want to be able to limit the data that is returned to the > barest minimum required for the querying service. > > I looked at the rwm overlay (slapo-rwm) and think I should be able to > do: > > overlay rwm > rwm-rewriteEngine on > rwm-map attribute displayName displayName > rwm-map attribute * > > So that ONLY the displayName gets shown on the output and the rest of > the data is filtered out. > > This does not seem to be working though and I am at the point where I > have no idea why. Does anyone have any suggestions that may help? > > Thanks > > Paul > This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
