Anonymous_User Absent Member.
Absent Member.
126 views

Ldap attributes


I am trying to accomplish being able to have an attribute in edirectory
writable by an ldap client authenticated.
I want to be able to hide that attribute on an unauthenticated ldap
request. Is this doable?

Thanks


--
warper2
------------------------------------------------------------------------
warper2's Profile: https://forums.netiq.com/member.php?userid=764
View this thread: https://forums.netiq.com/showthread.php?t=50254

Labels (1)
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Ldap attributes

On Thu, 13 Mar 2014 20:44:01 +0000, warper2 wrote:

> I am trying to accomplish being able to have an attribute in edirectory
> writable by an ldap client authenticated. I want to be able to hide that
> attribute on an unauthenticated ldap request. Is this doable?


I think it's possible if you set the ACLs on the object to allow [Public]
to write to the attribute, but not to read it.

I can't imagine why you'd want to do this, though.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Ldap attributes

On Thu, 13 Mar 2014 20:44:01 +0000, warper2 wrote:

> I am trying to accomplish being able to have an attribute in edirectory
> writable by an ldap client authenticated.
> I want to be able to hide that attribute on an unauthenticated ldap
> request. Is this doable?
>
> Thanks


Absolutely doable. You have to ensure that it's not [Public] readable,
and then grant rights to the attribute in the directory as you would
normally through the rights management system.

Since the LDAP client is authenticated when it's writing to the
attribute, what you're basically asking is for an attribute that can be
written to but not read by [public] - there are lots of attributes like
that even in the default schema.

Jim



--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.