On Wed, 02 Nov 2011 13:59:25 +0100, Kevin Hamilton <khamil...@umem.org>
wrote:
Hello everyone,
My name is Kevin and I am writing to ask a question about access to
ApacheDS 2.0.0-M2. Currently I have a bunch of users set up and the
apacheds is used to authenticate the users on my website. My question
is about accessing the apacheds. On my Apache Directory Studio, I can
login as admin and see everything. The problem is that I can also log
in as any other user in the database and I can see other user's
information. Not sure if I am being clear.
If someone has their own username and password and also the port and
address of my server, they can login (using Apache Directory Studio or
any other client) and see all of the records. Obviously the passwords
are hashed, but it is still a liability for the users to be able to
see e-mails/etc of other users.
Is there any way to limit the information that certain users can see
(ie, they could login, but not see any records)?
Please let me know soon.
Thanks,
Kevin
Hi Kevin,
I'm moving this topic to the users list...
There's a chapter about this topic in the doco. Please see the User Guides
on the topic "authorization".
Depending on what you intend to allow/disallow your users to see in your
directory, you might also need to write some ACIs. If you want, I can
assist you setting this up.
Please note that ehe documentation still mentions the server.xml file.
This file is however obsolete in version 2.0. Instead, config is done
directly in the server. You can alter the configuration using ehe
Directory Studio. Just look under the ou=config node.
Kind regards
Oliver
