[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: hide attribute

Emmanuel Dreyfus wrote:
Michael Ströder <michael@stroeder.com> wrote:

Why not a simple ACL for a group? Do the applications bind anonymously?

Of course it does. I said it was ill-designed :-)
A nicer approach would probably to have a hidden jpegPhoto: it would not
be sent to a client requesting all attributes, but a client explicitely
requesting a set of attribute including jpegPhoto would get it.
I guess you will run into problems with some apps where you do want the
jpegPhoto to be displayed.

Fortunately, the only apps I have that use the jpegPhoto are wise enough to provide a set of attributes.

I think what you propose makes sense, I see few cases where it would be definitely useful. In general, anything gives an administrator the possibility to tune resource exhaustion sounds welcome. I think an overlay is the right place.

With respect to your specific problem, you should be able to do something close to what you need by loading your jpegPhoto as jpegPhoto;x-mustberequested, then only allow access to this attribute and not to plain jpegPhoto.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it