Hey Guys, Is it possible to restrict some users to read,search,compare just specific attributes but still use objectclass=* as a filter?
My aci: aci: (targetattr="uid || givenName || cn || sn || manager || mail")(targetfilter="(objectclass=*)")(version 3.0;aci "Access for app to specific needed attributes";allow (read,compare,search) groupdn="ldap:///cn=my-group";;) If I do a ldapsearch with this user (myuser is in the group my-group): ldapsearch -b "dc=rnp,dc=local" -W -D "uid=myuser" uid=alberto.viana Returns me the user alberto.viana and the attributes that acis allows but if I do: ldapsearch -b "dc=rnp,dc=local" -W -D "uid=myuser" objectclass=* returns me nothing. Thanks!! Alberto Viana
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
