[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Dynamic view

To: Michael Ströder <michael@stroeder.com>
Subject: Re: Dynamic view
From: Howard Chu <hyc@symas.com>
Date: Fri, 30 May 2008 02:42:12 -0700
Cc: Anders <mail@flac.kalibalik.dk>, openldap-software@openldap.org
In-reply-to: <483FC67F.4090609@stroeder.com>
References: <54810.bFoQE3daRhY=.1212055440.squirrel@webmail.hotelhot.dk> <483FC67F.4090609@stroeder.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9pre) Gecko/2008043023 SeaMonkey/2.0a1pre

Michael Ströder wrote:

Anders wrote:

We are using OpenLDAP for user authentication. Now we want to reuse the
data for internal address books. My problem is that not all records should
be shown in the address books.

Just as an example, I might want to hide all records that have
(active=FALSE).


First I'd try to consider using ACLs for this.
=>  your user authentication applications should have somewhat "higher"
rights than your e-mail clients.

Using back-relay should work; the relay backend can use a different set of ACLs from the main backend.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Dynamic view
  - From: "Anders" <mail@flac.kalibalik.dk>
- Re: Dynamic view
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Dynamic view
Next by Date: SubEntry behaviour in OpenLDAP
Index(es):
- Chronological
- Thread