以下示例包含请求过滤策略和搜索数据隐藏规则。当请求过滤策略与搜索数据隐藏规则相结合时,将限制对数据的访问,如下所示:
不允许执行以下类型的操作:添加、删除、扩展、修改和重命名。
只能访问 ou=people,dc=sun,dc=com 子树。
inetorgperson 类型以外的条目是由搜索操作返回的。
allow-add-operations : false allow-bind-operations : true allow-compare-operations : true allow-delete-operations : false allow-extended-operations : false allow-inequality-search-operations : true allow-modify-operations : false allow-rename-operations : false allow-search-operations : true allowed-comparable-attrs : all allowed-search-scopes : base allowed-search-scopes : one-level allowed-search-scopes : subtree allowed-subtrees : ou=people,dc=sun,dc=com description : myRequestFilteringPolicy prohibited-comparable-attrs : none prohibited-subtrees : none |
attrs : - rule-action : hide-entry target-attr-value-assertions : objectclass:inetorgperson target-dn-regular-expressions : - target-dns : - |