[Date Prev][Date Next]
attribute search help
I'm trying to do the following:
I add an attribute to my schema for security with values of either "Public"
Then, each record has this attribute populated appropriately.
What I want is this:
If person is authenticated, then a search will return both "public"
and "private" records. If the person is anonymous, then only the "public"
records will be returned by the search.
I can write my own client and make this work becuase I know about the
attribute "security" and can have the program filter against it.
BUT, a client built by someone else - such as Microsoft's Addressbook - does
not know about this attribute and certainly does not filter against it.
Therefore, I need the openldap server to filter against this attribute every
time a search is done.
My thought was to add access lists to the slapd.conf file that had a filter.
Something like this:
access to attr=userPassword
by * search
access to attr=Security
by * read
access to * filter="(Security=PRIVATE)"
by users read
access to * filter="(Security=PUBLIC)"
by * read
of course, this won't work if the client does not request the "security"
attribute. The question becomes (assuming everything I have said above is
true), "How do I force the attribute "security" to be returned (and, thus,
filtered upon) every time the server is accessed?