Hi all, I''ve, again, a curious question :-) ; It''s possible to rename o=NetscapeRoot ? to something else like o=MyRoot ? And/or, it''s possible to hide the entry o=NetscapeRoot from unpriviligied users ? I''ve ACL on it to deny read inside, but, the "o=NetscapeRoot" stay visible when anonymous user browse with an LDAP browser for example. Thanks ! Yann
George Holbert
2006-Mar-27 23:12 UTC
Re: [Fedora-directory-users] Rename or Hide o=NetscapeRoot
I don''t think renaming o=NetscapeRoot is a good idea. What is it you want to do? If you just want to prevent people from browsing it, you''re on the right track with setting up some ACIs. If it can be browsed anonymously, there''s some ACI that''s allowing this. Look for "allow (anyone)" ACIs on o=NetscapeRoot. Yann wrote:> Hi all, > > I''ve, again, a curious question :-) ; > > It''s possible to rename o=NetscapeRoot ? to something else like o=MyRoot ? > > And/or, it''s possible to hide the entry o=NetscapeRoot from unpriviligied users > ? I''ve ACL on it to deny read inside, but, the "o=NetscapeRoot" stay visible > when anonymous user browse with an LDAP browser for example. > > Thanks ! > > Yann > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > >
Richard Megginson
2006-Mar-27 23:13 UTC
Re: [Fedora-directory-users] Rename or Hide o=NetscapeRoot
Yann wrote:> Hi all, > > I''ve, again, a curious question :-) ; > > It''s possible to rename o=NetscapeRoot ? to something else like o=MyRoot ? >It''s possible only with some serious code-fu, and it''s not something we''re likely going to do in the near future.> And/or, it''s possible to hide the entry o=NetscapeRoot from unpriviligied users > ? I''ve ACL on it to deny read inside, but, the "o=NetscapeRoot" stay visible > when anonymous user browse with an LDAP browser for example. >The console requires anonymous search/read access on o=netscaperoot in order to login. This is so you can just type in "admin" for your user name instead of "uid=admin,cn=Administrators,ou=TopologyManagement,o=NetscapeRoot". However, if you don''t mind typing in the latter every time you authenticate to the console or to admin express, you should be able to remove that anonymous access aci.> Thanks ! > > Yann > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >