directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Schmidt" <oliver.schmidt....@arcor.de>
Subject [ApacheDS] Re: Access Restriction
Date Wed, 02 Nov 2011 18:04:36 GMT
On Wed, 02 Nov 2011 13:59:25 +0100, Kevin Hamilton <khamilton@umem.org>  
wrote:

> Hello everyone,
>
> My name is Kevin and I am writing to ask a question about access to
> ApacheDS 2.0.0-M2. Currently I have a bunch of users set up and the
> apacheds is used to authenticate the users on my website. My question
> is about accessing the apacheds. On my Apache Directory Studio, I can
> login as admin and see everything. The problem is that I can also log
> in as any other user in the database and I can see other user's
> information. Not sure if I am being clear.
>
> If someone has their own username and password and also the port and
> address of my server, they can login (using Apache Directory Studio or
> any other client) and see all of the records. Obviously the passwords
> are hashed, but it is still a liability for the users to be able to
> see e-mails/etc of other users.
>
> Is there any way to limit the information that certain users can see
> (ie, they could login, but not see any records)?
>
> Please let me know soon.
>
> Thanks,
> Kevin


Hi Kevin,

I'm moving this topic to the users list...

There's a chapter about this topic in the doco. Please see the User Guides  
on the topic "authorization".

Depending on what you intend to allow/disallow your users to see in your  
directory, you might also need to write some ACIs. If you want, I can  
assist you setting this up.

Please note that ehe documentation still mentions the server.xml file.  
This file is however obsolete in version 2.0. Instead, config is done  
directly in the server. You can alter the configuration using ehe  
Directory Studio. Just look under the ou=config node.

Kind regards
Oliver

Mime
View raw message