This topic has 4 replies, 2 voices, and was last updated 2 weeks ago by user1234.

  • Author
    Posts
  • #28677
     user1234
    Participant

    Hi, how could I use ldapsearch with filter ds-pwp-account-disabled=true without using “Directory Manager”. If I ldapsearch with a normal user , this user can’t search this attribute, but others do.

    Thanks.

    #28678
     Ludo
    Moderator

    Hi,

    If an attribute is not visible for a user, it’s because there is no ACI to grant access to that attribute to the user. In your case, the ACI must grant both Read and Search permissions.

    #28679
     user1234
    Participant

    And how can I configure the aci for one attribute?

    Thanks a lot.

    #28680
     user1234
    Participant

    (targetattr = “ds-pwp-account-disabled”)(version 3.0;acl “Allow search ds-pwp-account-disabled atribute”;allow (all) (userdn = “ldap:///uid=User01,ou=Users,o=domain”);)

    this aci not work, is it something wrong?

    #28682
     user1234
    Participant

    I also try with (targetattr=”*”) but not work…

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?