[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Suggestion: attribute;search



Hallvard B Furuseth wrote:
Kurt D. Zeilenga writes:

How about ;lang-x-hidden and some ACLs? No coding required.


Hm?  It isn't a language.  Sounds like an abuse of "lang".

Besides, I just finished coding user-defined attribute options:  Since I
thought I'd have to implement a new option anyway, I could just as well
generalize.  (They cannot be specified in slapd.conf "index" statements,
though.)

ACLs:  Good idea.  This now gives the effect I want:

 attributeoption x-hidden
 access to cn;x-hidden,sn;x-hidden,givenName;x-hidden,ou;x-hidden by * search

The ACL gets a bit cumbersome if many attributes use x-hidden, but I
guess I might leave it at that.


What about

access to attrs=;x-hidden by * s -r

that is, allow ACLs to consider attribute name extensions?

Ando.

--
Dr. Pierangelo Masarati         mailto:pierangelo.masarati@sys-net.it
LDAP Architect, SysNet s.n.c.   http://www.sys-net.it
-----------------------------------------------------------------------------
The receiver  of this message is required to check if  he/she has received it 
erroneously.  If  so,  the  receiver  is  requested to immediately inform the
sender and - in consideration of the responsibilities  arising from undue use 
and/or disclosure of the message  and/or  the information contained therein - 
destroy the original message and any copy or printout thereof.
-----------------------------------------------------------------------------