<quote who="Jerry Nicholls">
Basically I want a setup (a simple contacts list) where if you aren't an authenticated user you cannot do a search using a filter such as "(mail=*)". You can only perform explicit searches.
While I am new to LDAP, it seems you could set a default ACL of deny to all unless authenticated, then individually add ACLs for each of the fields and give it anonymous read access.
I haven't tried it, but it sounds like a good idea. I will probably play with it today and see if I can get it working.
If it does work, then I know more about LDAP and OpenLDAP than I had thought! Wow. Only been using it for a couple days.