On Mon, 2009-01-05 at 00:23 -0700, James Chavez wrote: > Hello, > > I am using FDS as a replacement for NIS for user authentication and > group and host entries. > > I am looking to allow anonymous searches of the directory but to > disallow the visibility of the userPassword attribute. > > I would like to allow access to the userPassword attribute to only the > user that is authenticating to the directory for logins. > > I have read the ACI chapter on the Directory services Administrator's > guide but I am still struggling a bit. > <snip> We deleted the anonymous access rule so I don't have it in front of me but I believe it defaults to not allowing access to the userPassword attribute. I don't have an idm-console handy but I believe you can check by right clicking on your top level container, viewing the ACIs, selecting the anonymous access, going to the attribute tab, clicking on the attribute column header to sort alphabetically and scrolling toward the end. See if the usePassword attribute is unchecked. If not, uncheck it. If you have enabled SAMBA extensions, you may also want to uncheck the NTPassword and, oops! - forgot the other one but something like LMPassword. Hope this helps - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan at opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society
