I am trying to lock down an openldap server (2.4.23). Using the FAQ I
have limited the user entries with:
{1)to attrs=userPassword by self =xw by anonymous auth
{2)to * by users read
However, I cannot figure out how to match the namingContexts attribute
with olcaccess to also prevent unauthenticated users from listing the
directories served. I have tried many variations of the following based
on search results:
to attrs=namingContexts by * none
to dn.exact="" attrs=namingContexts by * none
to dn.base="" attrs=namingContexts
val/distinguishedNameMatch="dc=mydomain,dc=com" by * none
Can anyone help?
Thanks
