On Mon, 2014-03-31 at 12:57 +0200, Jonas Kellens wrote:
> On 31-03-14 12:52, Hallvard Breien Furuseth wrote:
> > (...)
> > So you get what you're specifying: No access to baseDN of your
> > search. Append something like this to access list:
> >
> > access to * by * search
>
> Won't this statement give access to everything and everyone? Because if
> it does, this is not what I want.

Yes - search but not read access, to everything not covered by previous access statements. So people can search for '(sn=Kell*)' and discover that you exist, but not read your attributes. By all means replace it with a more restrictive statement. To see what, read man slapd.access section OPERATION REQUIREMENTS.
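
A narrower alternative to the catch-all, as an added example that is not part of the original thread: it grants only the search privilege that slapd.access(5) requires on the `entry` pseudo-attribute of the search base, and only to authenticated clients. The suffix `dc=example,dc=com` and the choice of `users` as the subject are assumptions; substitute your own base DN and subject.

```conf
# slapd.conf access list fragment (constructed example).
# ACLs are evaluated top to bottom and the first matching "access to"
# clause decides, so keep existing, more specific rules above this point.

# Broad form from the thread, shown for comparison (left commented out):
# every client, anonymous included, gets search but not read on anything
# that earlier rules did not match.
#access to * by * search

# Narrower form: allow the base of the search to be used as a search base.
# Only the "entry" pseudo-attribute of that one DN is covered, and only
# for authenticated identities; anonymous clients get nothing.
access to dn.base="dc=example,dc=com" attrs=entry
    by users search
    by * none

# Anything not matched above falls through to slapd's implicit final
# "by * none", so no other attribute or entry is opened up by this rule.
```

After reloading the configuration, `slapacl` can be used to check what a given bind DN is granted on the base entry before testing with a real search.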
