On Mon, Nov 14, 2011 at 1:37 PM, sim123 <[email protected]> wrote:

> Hi All,
>
> I am playing with access controls on OpenLDAP 2.4.26. I have a user with
> search access on everything:
>
> access to *
>         by anonymous auth
>         by dn="uid=102,ou=system,dc=example,dc=com" search
>
> And when I perform a search I get nothing:
>
> ldapsearch -H "ldap://testldap:389" -D
> "uid=102,ou=system,dc=example,dc=com" -b "ou=users,dc=example,dc=com" -x -W
> '(uid=1)' mail cn dn
>
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <ou=users,dc=example,dc=com> with scope subtree
> # filter: (uid=1)
> # requesting: mail cn dn
> #
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 1
>
> So I get a success but no value. Is it a valid response? I want to control
> access so that the "uid=102" user can do lookups from given attributes but
> cannot do (objectClass=*) to get a list of every entry in the LDAP.
>
> Thanks for the help
>

Another way of stating my problem is that I want to control query filters on
the server side so the user with "uid=102" can only query using the filter
(uid=.+); all other filters should be restricted. I tried this regular
expression but am getting a "no such object" error.

Thanks
