As David alludes to... create a user or role that the user is in and add it as
the proxy user for the LDAP group.
Put an IRF on the OU and remove the Browse Entry right.
Add the user\role as a trustee and remove the Browse Entry right.
You may want to add your admin user\role as an explicit trustee just in
case.
If you want no one to see it, then add the [Public] object as a trustee and
remove the Browse Entry right.
Now all anonymous users coming in via LDAP will use the proxy user's rights,
and the proxy user can't see that container... well, unless someone has
explicit rights.
That's what we do here... in fact, users can't see a whole heap of containers
that we don't want them to see.
"David Gersic" <dgersic@no-mx.forums.novell.com> wrote in message
news:0eqog6-4r4.ln1@wintermute.is.niu.edu...
> On Wed, 17 Jun 2009 17:26:02 +0000, delfaver wrote:
>
>> The end goal is to disallow a container to be viewed via anonymous ldap
>> lookup.
>
> Are you using an LDAP Proxy user (TID #7000340)? How much work are you
> willing to do, and comfortable doing? Are you familiar with IRFs and ACLs?
>
>
> --
> ---------------------------------------------------------------------------
> David Gersic dgersic_@_niu.edu
> Novell Knowledge Partner http://forums.novell.com
>
> Please post questions in the newsgroups. No support provided via email.
>