[Date Prev][Date Next] [Chronological] [Thread] [Top]

attribute search help

I'm trying to do the following:
I add an attribute to my schema for security with values of either "Public" 
or "Private".
Then, each record has this attribute populated appropriately.

What I want is this:
If person is authenticated, then a search will return both "public" 
and "private" records.  If the person is anonymous, then only the "public" 
records will be returned by the search.

I can write my own client and make this work becuase I know about the 
attribute "security" and can have the program filter against it. 

BUT, a client built by someone else - such as Microsoft's Addressbook - does 
not know about this attribute and certainly does not filter against it.

Therefore, I need the openldap server to filter against this attribute every 
time a search is done.

My thought was to add access lists to the slapd.conf file that had a filter.  
Something like this:

access to attr=userPassword
 by * search
access to attr=Security
 by * read
access to * filter="(Security=PRIVATE)"
 by users read
access to * filter="(Security=PUBLIC)"
 by * read

of course, this won't work if the client does not request the "security" 
attribute.  The question becomes (assuming everything I have said above is 
true), "How do I force the attribute "security" to be returned (and, thus, 
filtered upon) every time the server is accessed?


David Pitts