
attribute search help



Hi,
I'm trying to do the following:
I add an attribute to my schema for security with values of either "Public" 
or "Private".
Then, each record has this attribute populated appropriately.

What I want is this:
If a person is authenticated, then a search will return both "public" 
and "private" records.  If the person is anonymous, then only the "public" 
records will be returned by the search.

I can write my own client and make this work because I know about the 
attribute "security" and can have the program filter against it. 

BUT, a client built by someone else - such as Microsoft's Addressbook - does 
not know about this attribute and certainly does not filter against it.

Therefore, I need the openldap server to filter against this attribute every 
time a search is done.

My thought was to add access lists to the slapd.conf file that had a filter.  
Something like this:

access to attr=userPassword
 by * search
access to attr=Security
 by * read
access to * filter="(Security=PRIVATE)"
 by users read
access to * filter="(Security=PUBLIC)"
 by * read

Of course, this won't work if the client does not request the "security" 
attribute.  The question becomes (assuming everything I have said above is 
true), "How do I force the attribute "security" to be returned (and, thus, 
filtered upon) every time the server is accessed?"

Thanks,

David Pitts
www.dpitts.com
dpitts@mk.net
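
Added example, not part of the original message and not code from the OpenLDAP project: one way to write the policy described above as slapd.conf access rules, using the filter= form of the <what> clause. It assumes the custom attribute is named Security with a case-insensitive equality rule, and it keeps the attr= keyword used in the post (later OpenLDAP releases spell it attrs=).

```conf
# slapd.conf access control (added example, not from the original post).
# Assumption: the attribute "Security" has a case-insensitive equality rule,
# so stored values "Private" and "PRIVATE" both match the filter below.
# Rules are tried top to bottom; the first <what> that matches decides,
# and each rule ends with an implicit "by * none".

# Passwords: the owner may change them, anonymous binds may only
# authenticate against them, nobody else can read or search them.
access to attr=userPassword
    by self write
    by anonymous auth
    by * none

# Entries marked private. slapd tests this filter against the stored
# entry on the server, whatever attribute list the client sent.
# Anonymous requesters get no access, so these entries are left out
# of their search results; authenticated users can read them.
access to filter=(Security=PRIVATE)
    by users read
    by * none

# Everything else, including entries marked public.
# Caveat: an entry with no Security value also lands here and is
# readable by anyone, so unlabeled entries are treated as public.
access to *
    by * read
```

A quick check is to run the same search twice, once with an anonymous bind and once with an authenticated bind, and compare which entries come back.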