Fedora directory users - Nov 2006 - LDAP search issue.

Hello;
I am using Fedora Directory Server 1.0.2.

I have a question on LDAP search issue.
I want to disable full search on the LDAP tree.

 Eg:

 My LDAP Tree is:

 cn=John Smith, o=Dept1, c=US
 cn=Ann Adams, o=Dept1, c=US

 I want to deny to read full listing of the tree but only allow when
 the search condition meets only the required person.
 In the example above I want nobody to be listed. But when the search
 criteria is "c=US, o=Dept1, cn=Ann Adams"  this entry must be listed.
 When a search on "c=US" comes, nothing must be listed.

What is the correct  Access Control Information for this request??



>You also posted this question to the OpenLDAP list.  Fedora DS and
>OpenLDAP have very different ACI models.  What is your server vendor and
>version?
 Thanks.

A G wrote:
> Hello;
> I am using Fedora Directory Server 1.0.2.
>
> I have a question on LDAP search issue.
> I want to disable full search on the LDAP tree.
>
>  Eg:
>
>  My LDAP Tree is:
>
>  cn=John Smith, o=Dept1, c=US
>  cn=Ann Adams, o=Dept1, c=US
>
>  I want to deny to read full listing of the tree but only allow when
>  the search condition meets only the required person.
>  In the example above I want nobody to be listed. But when the search
>  criteria is "c=US, o=Dept1, cn=Ann Adams"  this entry must be
listed.
>  When a search on "c=US" comes, nothing must be listed.
>
> What is the correct  Access Control Information for this request??
It is not possible to define this, you would need to write a custom 
pre-op plugin that failed non-base searches.

-- 
Pete