Hi there,
I ran into a problem with the ACLs.
I set up an account that needed to acquire only certain attributes, so I set the following
ACL:
(targetattr = "uid || mail || mailHost || accountType || accountStatus ||
mailAlternateAddress || mailForwardingAddress || mailUserPassword")
(target = "ldap:///dc=moveone,dc=info")
(targetfilter = ou=People)
(version 3.0;
acl "Email server can lookup some data";
allow (read,compare,search)
(userdn = "ldap:///cn=emailServerLookup,ou=People,dc=moveone,dc=info")
;)
but the search gives back all the attributes, not only the allowed ones.
What am I missing?
The lookup:
ldapsearch -x -LLL -h ds -b ou=People,dc=moveone,dc=info -D
"cn=emailServerLookup,ou=People,dc=moveone,dc=info" -w TheSecretPassword
uid=karoly.czovek
dn: uid=karoly.czovek,ou=People,dc=moveone,dc=info
--
Karoly CZOVEK
Global Systems Administrator
MoveOne IT Department
Eastern Europe - Balkans - CIS & Central Asia - Middle East & Africa -
Asia Pacific
phone: +36 1 266 0181 - ext.6710
mobile: +36 70 708 9953
skype: mo_karoly.czovek
email: karoly.czovek(a)moveoneinc.com
web: http://www.moveoneinc.com
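
To pin down which attributes a bind identity receives beyond the targetattr list in the ACI above, the ldapsearch output can be compared against that list. The Python script below is an added example, not part of the original message; the sample LDIF values and the function names are constructed for illustration.

```python
import re

# targetattr part of the ACI from the message, e-mail line wrapping removed.
ACI = ('(targetattr = "uid || mail || mailHost || accountType || accountStatus || '
       'mailAlternateAddress || mailForwardingAddress || mailUserPassword")')

# Constructed sample of `ldapsearch -LLL` output; every value below is invented.
SAMPLE_LDIF = """\
dn: uid=karoly.czovek,ou=People,dc=moveone,dc=info
uid: karoly.czovek
mail: karoly.czovek@example.com
mailHost: mail.example.com
telephoneNumber: +00 0 000 0000
description: a long value that ldapsearch
 folds onto a continuation line
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""

def allowed_attrs(aci):
    """Lower-cased attribute names listed in a non-negated targetattr keyword."""
    m = re.search(r'\(\s*targetattr\s*=\s*"([^"]*)"\s*\)', aci, re.I)
    if not m:
        raise ValueError("ACI has no plain (targetattr = ...) keyword")
    return {a.strip().lower() for a in m.group(1).split("||") if a.strip()}

def returned_attrs(ldif):
    """Map each entry's DN (as printed) to the attribute names returned for it."""
    unfolded = re.sub(r"\r?\n ", "", ldif)      # undo LDIF line folding
    entries, current = {}, None
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not line.strip():
            current = None                      # blank line ends an entry
        elif line.startswith("#") or not sep:
            continue
        elif name.lower() == "dn":
            current = entries.setdefault(value.lstrip(": "), set())
        elif current is not None:
            current.add(name.split(";")[0].lower())  # drop ;binary / ;lang-xx
    return entries

def outside_aci(aci, ldif):
    """Per DN, the sorted attributes returned but not named in targetattr."""
    allowed = allowed_attrs(aci)
    return {dn: sorted(a - allowed) for dn, a in returned_attrs(ldif).items()}

if __name__ == "__main__":
    for dn, extra in outside_aci(ACI, SAMPLE_LDIF).items():
        print(dn, "->", extra or "nothing outside targetattr")
```

Feeding it the real output of the lookup (bound as the restricted account) in place of `SAMPLE_LDIF` gives the exact set of attributes to account for when reviewing the other ACIs that apply to the subtree.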