On 10/05/2011 08:30 AM, Karoly Czovek wrote:
> Hi there,
>
> I ran into a problem with the ACLs.
> I set up an account that needed to acquire only certain attributes; I set the following ACL:
>
> (targetattr = "uid || mail || mailHost || accountType || accountStatus || mailAlternateAddress || mailForwardingAddress || mailUserPassword")
> (target = "ldap:///dc=moveone,dc=info")
> (targetfilter = ou=People)
> (version 3.0;
> acl "Email server can lookup some data";
> allow (read,compare,search)
> (userdn = "ldap:///cn=emailServerLookup,ou=People,dc=moveone,dc=info")
> ;)
>
> but the search gives back all the attributes, not only the allowed ones.
> What am I missing?
>
> the lookup:
>
> ldapsearch -x -LLL -h ds -b ou=People,dc=moveone,dc=info -D "cn=emailServerLookup,ou=People,dc=moveone,dc=info" -w TheSecretPassword uid=karoly.czovek
> dn: uid=karoly.czovek,ou=People,dc=moveone,dc=info
>

Does this aci conflict with the default anonymous search access aci that allows you to read every attribute except userPassword?
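A way to check the result described in this thread, as an added example that is not part of the original messages: it reads `ldapsearch` LDIF output and lists every attribute returned that is outside the ACI's `targetattr` list. The helper names `extra_attrs` and `sample_ldif` and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: report attributes a bind can read beyond an intended allow-list.
# ALLOWED mirrors the targetattr list of the ACI quoted in the thread.
ALLOWED="uid mail mailHost accountType accountStatus mailAlternateAddress mailForwardingAddress mailUserPassword"

# extra_attrs (hypothetical helper): read LDIF on stdin and print the sorted,
# unique attribute names that are NOT in $ALLOWED.
extra_attrs() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[tolower(a[i])] = 1   # names are case-insensitive
        }
        /^[ \t]/     { next }      # folded continuation of the previous value
        /^#/ || /^$/ { next }      # comments and entry separators
        {
            i = index($0, ":")     # first colon ends the name ("attr:" and "attr::")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            sub(/;.*/, "", name)   # drop attribute options such as ;binary
            if (tolower(name) == "dn") next
            if (!(tolower(name) in ok)) print name
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample of a search result (not real output from the thread).
sample_ldif() {
    cat <<'EOF'
dn: uid=test.user,ou=People,dc=example,dc=com
uid: test.user
mail: test.user@example.com
cn: Test User
homeDirectory: /home/test.user
description: a long value that the server folded
 across two lines
jpegPhoto:: AAEC
accountStatus: active
EOF
}

# Live use, with the connection flags from the thread (-W prompts for the password):
#   ldapsearch -x -LLL -h ds -b ou=People,dc=moveone,dc=info \
#     -D "cn=emailServerLookup,ou=People,dc=moveone,dc=info" -W 'uid=<user>' | extra_attrs
# Running the same search without -D/-W (anonymous bind) shows whether the extra
# attributes are readable by anyone, which points at another ACI granting them.
sample_ldif | extra_attrs
```

An empty result means the bind sees only the attributes in the allow-list.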