directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Hamilton <khamil...@umem.org>
Subject Access Restriction
Date Wed, 02 Nov 2011 12:59:25 GMT
Hello everyone,

My name is Kevin and I am writing to ask a question about access to
ApacheDS 2.0.0-M2. Currently I have a bunch of users set up and the
apacheds is used to authenticate the users on my website. My question
is about accessing the apacheds. On my Apache Directory Studio, I can
login as admin and see everything. The problem is that I can also log
in as any other user in the database and I can see other user's
information. Not sure if I am being clear.

If someone has their own username and password and also the port and
address of my server, they can login (using Apache Directory Studio or
any other client) and see all of the records. Obviously the passwords
are hashed, but it is still a liability for the users to be able to
see e-mails/etc of other users.

Is there any way to limit the information that certain users can see
(ie, they could login, but not see any records)?

Please let me know soon.

Thanks,
Kevin

Mime
View raw message